Compliance & Governance Specialist - BFSI

Experience:

- Subject matter expert with hands on experience across Continuous Compliance, Audit response (SOC2 and HIPAA) and IT Operations.

- Candidate should be able to provide GRC guidance and interpretation of rules, regulations, risks, and best practices.

Skills & Certifications:

- Excellent analytical, decision making and time management skills.

- Ability to trouble shoot, identify, analyze and mitigate GRC related risks in existing processes, policies and procedures

- Demonstrable leadership and interpersonal skills with experience in mentoring team members

- Should be able articulate clearly - verbally and writing followed by execution with a sense of urgency

- Strong knowledge and experience in managing audit activities with interdependencies between many different projects and initiatives

- Create and publish reports will little or no supervision

- Experience across ISO 27001, PCI DSS, NIST, SOC2 and HIPAA audits (Process design; documentation; governance- response etc.)

- Sound underdressing of the ServiceNow GRC module - must have

- ITIL v3 Certified - nice to have

- COBIT- 5 Foundation nice to have but not mandatory

- Certifications on CISSP, CISM, CISA, CRISC are beneficial but not mandatory

Responsibilities:

- Continuous Compliance process

- Responsible overall for compliance posture of assigned environment

- Design and implement tests to ensure compliance outside audit cycle

- Assign controls to owners and follow through to completion

- Drive quarterly Internal Control Questionnaire (ICQ) process

- Provide reporting on overall compliance program

- Formulate and deliver compliance training and awareness workshops

- KPI Metric development

- Ensure control objectives and controls are mapped accurately and update as needed for assigned environment

Oversight and Governance :

- Participate in process and procedure reviews across Operations

- Assist in updating process materials as needed for compliance and governance work streams

- Ensure IT compliance incidents are addressed, documented, and resolved; makes recommendations in remediation efforts and follows to close

Audit Response :

- Intermediary between auditors (internal and external) and Operations

- Review evidence prior to submission to auditors

- Schedule interviews and meetings as needed to support audits, including onsite

- Work with Operations to ensure relevant evidence is gathered; upload evidence to ServiceNow

- Provide sound basis for the Management Assertion in SOC reports and update Narrative as needed

- Work with Operations to remediate any findings

- Report status to leadership

Other tasks and activities related to compliance as assigned