As a Business Information System IT Compliance Manager, you’ll work to ensure compliance with regulatory and industry mandates that include SOX, PCI, GDPR and others. You’ll manage the day-to-day aspects including scoping, implementing controls, overseeing all review exercises, creating and maintaining documentation, as well as working with all departments to complete the assessments.
WHAT YOU’LL DO:
- Enhance and oversee all aspects of the Analytics Business Information Systems IT General Controls (ITGC) to ensure our continued compliance with the Sarbanes-Oxley (SOX) Act.
- Establish processes to support the controls and ensure that control self-assessments are conducted in a timely manner, with completeness and accuracy.
- Identify and validate key controls to address IT and business risks and work with various teams to address identified deficiencies and help identify compensating controls.
- Manage the user access provisioning and de-provisioning approval process, including working with business owners on periodic Segregation of Duties (SoD) reviews based on a developed SoD framework.
- Develop and manage a quarterly access recertification process for Business Information Systems, including follow-on activities such as look-back analysis where necessary.
- Coordinate the review of SaaS applications' SOC 1 Type 2 reports and follow-up actions on Complementary User Entity Controls (CUECs) or other compensating controls.
- Review and oversee compliance-related procedures, documentation and sign-off for the Business Information Systems' incident and change management processes.
- Direct, manage and monitor the effort to ensure compliance with the PCI Data Security Standard (PCI DSS).
- Partner with the Internal Audit team to perform audits of third parties such as vendors, service providers and consulting organizations.
- Partner with the Internal Audit team to facilitate and support internal and external audits.
- Educate and mentor technical teams on ITGC and compliance, and facilitate embedding compliant practices into the way the company operates.
- Partner with the CISO, Legal and Internal Audit teams to facilitate compliance with the European Union General Data Protection Regulation (EU GDPR).
- Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to support the various security, compliance and audit requirements.
- Provide guidance and support to IT and business to ensure continued compliance with the various mandates.
- Endorse and support a compliance culture whereby employees are encouraged to seek clarifications and support for the company’s compliance initiatives.
- Must be able to build relationships with technology and business teams across the company.
- Interact routinely with assessors, auditors, service providers, consultants/advisers, law enforcement agencies and professional organizations.
COMPETENCIES:
- Demonstrated experience in implementing compliance frameworks such as COSO, COBIT, ISO 27001, etc.
- Intimate understanding of Sarbanes-Oxley (SOX) compliance requirements and IT General Controls.
- Thorough knowledge of PCI-related standards, including PCI DSS, PA-DSS, ASV guidelines and other supporting documents.
- Familiarity with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption and key management, logging and monitoring and application security.
- Familiarity with cloud and SaaS-based environments and technologies with associated auditing methodologies.
- Expert presentation, documentation and communication skills.
QUALIFICATIONS:
- Bachelor’s or Master’s degree in a computer or information management field or similar work experience.
- At least one of CISSP, CISA, CISM, CSA, QSA preferred.
- Strong attention to detail, influencing and problem resolution skills.
- 5-7 years' experience in an information security compliance, audit, risk management or ISA/QSA role, with hands-on experience in a multitude of compliance initiatives.
- An outgoing personality is a MUST for this position.