Experience:
- Subject matter expert with hands on experience across Continuous Compliance, Audit response (SOC2 and HIPAA) and IT Operations.
- Candidate should be able to provide GRC guidance and interpretation of rules, regulations, risks, and best practices.
Skills & Certifications:
- Excellent analytical, decision making and time management skills.
- Ability to troubleshoot, identify, analyze and mitigate GRC-related risks in existing processes, policies and procedures
- Demonstrable leadership and interpersonal skills with experience in mentoring team members
- Should be able to articulate clearly, verbally and in writing, followed by execution with a sense of urgency
- Strong knowledge and experience in managing audit activities with interdependencies between many different projects and initiatives
- Create and publish reports with little or no supervision
- Experience across ISO 27001, PCI DSS, NIST, SOC2 and HIPAA audits (process design, documentation, governance, response etc.)
- Sound understanding of the ServiceNow GRC module - must have
- ITIL v3 Certified - nice to have
- COBIT 5 Foundation - nice to have but not mandatory
- Certifications on CISSP, CISM, CISA, CRISC are beneficial but not mandatory
Responsibilities:
- Continuous Compliance process
- Overall responsibility for the compliance posture of the assigned environment
- Design and implement tests to ensure compliance outside audit cycle
- Assign controls to owners and follow through to completion
- Drive quarterly Internal Control Questionnaire (ICQ) process
- Provide reporting on overall compliance program
- Formulate and deliver compliance training and awareness workshops
- KPI Metric development
- Ensure control objectives and controls are mapped accurately and update as needed for assigned environment
Oversight and Governance:
- Participate in process and procedure reviews across Operations
- Assist in updating process materials as needed for compliance and governance work streams
- Ensure IT compliance incidents are addressed, documented, and resolved; make recommendations on remediation efforts and follow through to closure
Audit Response:
- Intermediary between auditors (internal and external) and Operations
- Review evidence prior to submission to auditors
- Schedule interviews and meetings as needed to support audits, including onsite
- Work with Operations to ensure relevant evidence is gathered; upload evidence to ServiceNow
- Provide sound basis for the Management Assertion in SOC reports and update Narrative as needed
- Work with Operations to remediate any findings
- Report status to leadership
Other tasks and activities related to compliance as assigned