IT Risk Assessment Project Manager

  • Boston, MA, USA
  • Sep 05, 2017

Job Description

HMH MISSION: Changing people's lives by fostering passionate, curious learners.

Curious? We get it. We are too.


HMH is unique. We have been in business since 1832 and we also embrace cutting-edge technology. This means HMH published Hawthorne, Emerson, and Thoreau and we have award-winning apps such as Curious World and 100% of our K-12 products are digitally enabled. We are proud of where we've been and excited about where we are going.


HMH is mission-driven, serving more than 50 million students in over 150 countries worldwide. We help kids learn, and are passionate about it. In fact, it's our mission statement: Changing people's lives by fostering passionate, curious learners.


Many companies talk about it. HMH does it. We offer work-life balance and a flexible work environment and schedule. We are proud to be featured on Flexjobs Top 100 Companies for Flexible Jobs in 2017.


Last year, HMH employees donated over 4,500 hours of time and energy during our annual Volunteer Week. HMH matches employee donations as well.


Houghton Mifflin Harcourt (NASDAQ:HMHC) for more information, visit

HMH is seeking an energetic team player to join their fast-paced Internal Audit team that is looking to make a difference. The IT Risk Assessment Project Manager will assist in developing and executing comprehensive technology and information security assessment programs that are responsive to the operational, financial and information technology risks across all divisions of the Company. In this highly visible role, the individual will have broad exposure to the technology, product development, and finance organization as well as at the Executive level. The position will report into the Vice President of Internal Audit, and responsibilities include performing risk assessments and scoping audits, developing audit programs, conducting audit planning and fieldwork, preparing work papers and other audit deliverables, and ensuring all audit work is in compliance with IIA standards. This is not a simple SOX Compliance role (that function is outsourced to a third party); this individual will be primarily responsible for developing, executing, and delivering high-quality assessments over a wide variety of high-impact technology and security areas. Examples of previous successful projects include: an end-to-end risk assessment of a multi-million-dollar SAP ERP implementation project, an AWS cloud security review, and a deep dive review of a Mobile Device Management platform.

Functional Description:

  • Participate on steering committees of other key company initiatives.
  • Seeks and implements continuous opportunities for internal audit and IT / Cybersecurity process improvements.
  • Execute audits and perform data analysis under minimal supervision.
  • Builds long-term relationships with senior management to better understand the company's culture and management directives.

    Experience, Skills, and Education:

    • 3-5 years of relevant work experience at an external audit firm or in an internal audit role at a public company working on audits.
    • Experience with the education/technology industry a plus.
    • Relevant industry certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Public Accountant (CPA), or Certified Internal Auditor (CIA).
    • Bachelor's Degree in Computer Science, Information Systems, Accounting Information Systems, Business Administration, Finance, Accounting, or related discipline.
    • Experience in developing and performing audits, IT risk assessments, root cause analysis of audit issues and writing formal audit reports.
    • Solid understanding of the concepts of governance, risks, and controls; information security; project management; and systems development concepts is essential.
    • Data Analytics (ACL Analytics) experience a plus.
    • Knowledge of COBIT, COSO, ISO 27001, and other IT audit and security frameworks.
    • Experience in collaborating with all levels of an organization's management team and with external auditors.
    • Excellent interpersonal communication and presentation skills. Ability to comfortably and coherently present to an executive audience.
    • Exceptional project management skills.
    • Strong computer skills and advanced Excel experience.
    • Experience with SAP.
    • Self-motivated team player with positive attitude.

      Travel Requirements: Travel up to 10%

      Physical Requirements:
      Might be in a stationary position for a considerable time (sitting and/or standing).
      The person in this position needs to move about inside the office to access file cabinets, office machinery, etc.
      Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and computer printer.
      Must be able to collaborate with colleagues via face to face, conference calls, and online meetings.

      Houghton Mifflin Harcourt is an equal employment opportunity employer and participates in E-Verify. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of gender, race/ethnicity, gender identity, sexual orientation, protected veteran status, disability, or other protected group status.


Houghton Mifflin Harcourt