ZS Associates (www.zs.com) ZS is the world's largest firm focused exclusively on helping companies improve overall performance and grow revenue and market share, through end-to-end sales and marketing solutions - from customer insights and strategy to analytics, operations and technology. More than 5,000 ZS professionals in 22 offices worldwide draw on deep industry and domain expertise to deliver impact for clients across multiple industries

ZS- India Capability and Expertise Centers house more than 60% of ZS people across two locations based in Pune and Gurgaon. Our teams work in conjunction with onshore colleagues to deliver our sales and marketing projects to our clients. The Centers primarily support client projects based in North America, Europe and East Asia in the areas of Business Analysis, Business Operations and Business Technology.

ZS IT Support teams is aligned with the company's business strategy and operating model and aims to provide its 4800 plus employees and their clients the right tools and information for high performance. The IT organization focuses on providing products and services to ZS to ensure successful business outcomes. This involves providing a scalable, sustainable and reliable IT infrastructure, customized applications, messaging and collaboration products, Business Intelligence and Database administration support along with a reliable 24- 7 uninterrupted high quality technology support services.

As a Compliance and Audit Associate you will work under the supervision of the Compliance and Audit Manager and report to appropriate local office management personnel. You will:

- Execute IT audit projects designed to provide assessment of internal control processes in accordance with ZS's IT policies, data security and privacy practices and legally binding contractual obligations and commitments to its clients.

- Perform IT risk assessments and third party cloud vendor security and privacy risk assessments.

- Execute detailed plans for performing individual audits in accordance with the ZS IT audit program.

- Prepare audit work papers and reports documenting the results of reviews of assigned activities and recommended management action.

- Participate in the planning and coordination of all audits of ZS's data security and privacy environment by ZS's clients.

- Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry IT trends to identify potential issues and risks.

- Participate in reviews of internal controls and security of systems under development as needed.

- With assistance from senior personnel, liaise with internal and external stakeholders to ensure IT compliance related documentation is kept up to date with ZS's compliance requirements, obligations and commitments, as needs evolve.

- Liaise with appropriate stakeholders including IT, Legal, HR, Finance and others, as needed, to ensure that compliance requirements are incorporated into ZS configured compliance workflow management tools.

- Assist with monitoring of ongoing organizational compliance with IT change management, logical and physical access, IT operations and other control procedures, as deemed necessary by management from time to time. Actively maintain findings and remediation recommendation registers. Track remediation activities to completion.

- Assist with the documentation of IT policies and procedures (e.g. IT change management, logical and physical access processes, data backups and restoration, disaster recovery processes).

- Assist with responding to client-driven RFPs, RFIs, and external security and privacy audits and questionnaires, as requested by management.

- Assist in the development of appropriate IT compliance training material and conduct training of impacted stakeholders, as needed.

- Assist with other IT audit and compliance related initiatives and special projects as assigned from time to time.

What are we looking for-

A successful Compliance and Audit Associate possess the following characteristics:

- BS/BA in computer science or related field with record of high academic achievement. Management Information Systems (MIS) degree or specialization highly preferred.

- Corporate or consulting firm IT audit/assurance engagement experience required. Big 4 IT assurance/public accounting firm experience, while not required, is strongly preferred.

- Certified or eagerness to become certified in one of the following IT audit related certifications while working at ZS (e.g. CISA, CISSP, CRISC).

- At least 1 year of hands on experience performing IT audits end to end including the documentation of audit plans, audit test scripts, audit narratives, test results, findings and remediation recommendation listings.

- At least 2 years of experience participating in IT audit engagement lifecycles (e.g. US SOX, US SOC1 & SOC2 audits) with some senor personnel oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement.

- Experience maintaining risk and control registers, audit plans, findings and remediation recommendation registers.

- Experience documenting IT policies and procedures (e.g. IT change management, logical and physical access, data backups and restoration processes).

- Excellent communication and organizational skills - preferably with international exposure.

- Excellent command over the English language, verbal and written; experience writing IT audit narratives and reports required.

- Demonstrated ability to work independently and as part of a team of IT audit professional peers strongly preferred

- Ability and willingness to work hours which overlap with US time zones (e.g. US Central Time zone)

- Ability and willingness to travel to the US and other ZS offices, if needed, to assist with compliance and audit engagements, on a periodic basis.

Technical expectations include proficiencies in the following:

- Basic working knowledge of web based applications, operating systems and databases including Windows Active Directory, Linux, Microsoft SQL and Oracle.

- Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, Access, SharePoint)

- Basic working knowledge of various control frameworks including:

COBIT - Control Objectives for Information and Related Technology

ISO/IEC 27001:2013 - Code of Practice for Information Security Management

NIST SP 800-53

HIPAA/HITECH Security and Privacy Audit Protocol

- Basic working knowledge of various laws directly or indirectly impacting data security and privacy requirements worldwide including:

US SOX - Sarbanes Oxley Act

US HIPAA/HITECH Act

EU GDPR - General Data Protection Regulation

US EU Privacy Shield

India IT Act (data privacy provisions)

India Companies Act

This job opening was posted long time back. It may not be active. Nor was it removed by the recruiter. Please use your discretion.