Our client is looking for a Senior IT Compliance Analyst to join their growing company.
In this position you will perform IT process documentation to satisfy various IT control activities (e.g., SOX, Security, Privacy, PCI DSS, HIPAA, GDPR, FDA, CCPA, ISO) in a collaborative work environment.
Areas of documentation include, but are not limited to, compliance requirements, system access management, management self-assessments, IT operations, test validation, and change management.
The person filling this role will need to be proactive, have IT audit experience (especially as it relates to the regulatory requirements noted above) with appropriate certifications, know IT terminology, concepts, practices, and supporting processes, and be able to work independently.
- Conducts assessments of IT general, privacy and security controls as they relate to the regulatory requirements noted above
- Conducts the PCI DSS Attestation of Compliance process
- Communicates issues with control performance to Management promptly
- Communicates with internal/external auditors to verify control effectiveness and best practices
- Reviews and analyzes control evidence for issues. Works with IT teams and coordinates performers to ensure the correct, expected evidence is generated and retained promptly.
- Performs a validation of artifacts gathered as part of systems development life cycle and change management processes, including testing evidence
- Executes work programs to evaluate and test controls operating effectiveness as needed
- Participates in the implementation and performs testing of audit and governance policies, procedures, and tools
- Works closely with internal and external auditors as the backup to the Senior Manager, Global IT Compliance
- Works closely with global departments involved in IT controls related to SOX, PCI DSS, Privacy and Security, HIPAA, GDPR, FDA, CCPA, ISO, such as Finance, IT Infrastructure, ERP and Application Support, Legal, Genomic Labs, etc.
- When required, implements, performs, and/or monitors IT application and general controls, including privacy and security controls
- Documents and updates audit support procedures, narratives, and process flows when needed
- Provides training to employees on IT control processes and documentation as needed
- Participates in projects and new implementations as subject matter expert for IT controls, including the identification and evaluation of mitigating controls when needed, and oversees control implementation
- Supports the business with technical aspects of Data Protection Impact Assessments
- Will perform other functions as required
- Domestic and international travel is required
- Bachelor’s degree in business, accounting, finance, computer science, information systems, or a related discipline is required
- 5+ years IT audit experience, preferably in a public accounting or corporate environment
- Knowledge of the Sarbanes-Oxley Act of 2002, PCI DSS, and privacy regulations (e.g., GDPR, FDA, HIPAA, CCPA)
- Knowledge of IT security, access management, systems development life cycle, change management, IT operations, data center, and application controls
- Knowledge and experience with internal control frameworks
- Passing of background check, which may include verification of prior employment, criminal conviction history, educational and driving records
- Detail-oriented, independent, and thorough in examination and analysis
- Excellent problem solving and analytical expertise
- Excellent written and oral communication skills in English. Other languages are desired.
- CISA, CRISC, CGEIT, or CISSP certification or in process
- Project management skills are highly desirable.
- Prior experience in an international enterprise environment is preferred.
- Extensive experience working in a team-oriented environment in a collaborative manner
- Ability to explain technical concepts to non-technical audiences
- Ability to suggest technological solutions
To perform the job successfully, an individual should demonstrate the following behaviors:
- Motivation/Initiative: Motivated and curious, willing to ask questions, research issues, and take on challenging projects/assignments; creative, brings new ideas to the table, exhibits self-confidence.
- Administrative Skills: Possesses the ability to organize and follow-through on multiple tasks and recognize and attend to details with accuracy and efficiency. Works to complete goals, tasks, and plans, anticipate potential problems and analyze alternative solutions.
- Interpersonal Style: (Interpersonal Skills, Communication, Teamwork); develops/maintains effective working relationships; listens attentively to others; communicates ideas clearly (written & verbal); relates to people in an open/sincere manner; participates effectively in meetings; assists in finding solutions as well as identifying problems; communicates appropriately with supervisor and co-workers. Able to project manage other individuals and maintain a calm and reliable demeanor in the face of challenges.
- Self-Management: (Adaptability/Flexibility, Stress Tolerance, Autonomy); adapts readily to changes in routine; works effectively in stressful situations; needs limited guidance and direction; is comfortable working in a fast-paced environment; is reliable and dependable; is results-oriented; maintains productivity and composure under pressure; views problems as opportunities to create solutions.
- Thinking Skills: Diagnoses problems efficiently; gathers sufficient input before making decisions or plans; makes a timely decision, quickly determines sources of the problem, identifies information needed to solve the problem, analyzes alternative solutions, communicates issues and decisions effectively to the team.
- Customer Orientation: Sensitive & responsive to internal customer needs; demonstrates skills in customer services and satisfaction; maintains a positive attitude, willing to listen to customer problems and seek solutions; stays in tune with changing needs of customers.