Founder & Managing Director at Talent Toppers
IT Compliance & Audit Delivery Role - Information Security (2-3 yrs)
As a Compliance and Audit Associate you will work under the supervision of the Compliance and Audit Manager and report to appropriate local office management personnel. You will:
- Execute IT audit projects designed to provide assessment of internal control processes in accordance with COMPANY's IT policies, data security and privacy practices and legally binding contractual obligations and commitments to its clients.
- Perform IT risk assessments and third party cloud vendor security and privacy risk assessments.
- Execute detailed plans for performing individual audits in accordance with the COMPANY IT audit program.
- Prepare audit work papers and reports documenting the results of reviews of assigned activities and recommended management action.
- Participate in the planning and coordination of all audits of COMPANY's data security and privacy environment by COMPANY's clients.
- Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry IT trends to identify potential issues and risks.
- Participate in reviews of internal controls and security of systems under development as needed.
- With assistance from senior personnel, liaise with internal and external stakeholders to ensure IT compliance related documentation is kept up to date with COMPANY's compliance requirements, obligations and commitments, as needs evolve.
- Liaise with appropriate stakeholders including IT, Legal, HR, Finance and others, as needed, to ensure that compliance requirements are incorporated into COMPANY configured compliance workflow management tools.
- Assist with monitoring of ongoing organizational compliance with IT change management, logical and physical access, IT operations and other control procedures, as deemed necessary by management from time to time. Actively maintain findings and remediation recommendation registers. Track remediation activities to completion.
- Assist with the documentation of IT policies and procedures (e.g. IT change management, logical and physical access processes, data backups and restoration, disaster recovery processes).
- Assist with responding to client-driven RFPs, RFIs, and external security and privacy audits and questionnaires, as requested by management.
- Assist in the development of appropriate IT compliance training material and conduct training of impacted stakeholders, as needed.
- Assist with other IT audit and compliance related initiatives and special projects as assigned from time to time.
What are we looking for?
A successful Compliance and Audit Associate possesses the following characteristics:
- BS/BA in computer science or related field with record of high academic achievement. Management Information Systems (MIS) degree or specialization highly preferred.
- Corporate or consulting firm IT audit/assurance engagement experience required. Big 4 IT assurance/public accounting firm experience, while not required, is strongly preferred.
- Certified, or eager to become certified while working at COMPANY, in one of the following IT audit related certifications (e.g. CISA, CISSP, CRISC, ISO27001 Lead Auditor).
- At least 1 year of hands on experience performing IT audits end to end including the documentation of audit plans, audit test scripts, audit narratives, test results, findings and remediation recommendation listings.
- At least 2 years of experience participating in IT audit engagement lifecycles (e.g. US SOX, US SOC1 & SOC2 audits) with some senior personnel oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement.
- Experience maintaining risk and control registers, audit plans, findings and remediation recommendation registers.
- Experience documenting IT policies and procedures (e.g. IT change management, logical and physical access, data backups and restoration processes).
- Excellent communication and organizational skills preferably with international exposure.
- Excellent command over the English language, verbal and written; experience writing IT audit narratives and reports required.
- Demonstrated ability to work independently and as part of a team of IT audit professional peers strongly preferred.
- Ability and willingness to work hours which overlap with US time zones (e.g. US Central Time zone).
- Ability and willingness to travel to the US and other COMPANY offices, if needed, to assist with compliance and audit engagements, on a periodic basis.
Technical expectations include proficiencies in the following:
- Basic working knowledge of web based applications, operating systems and databases including Windows Active Directory, Linux, Microsoft SQL and Oracle.
- Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, Access, SharePoint).
- Basic working knowledge of various control frameworks including:
  - COBIT Control Objectives for Information and Related Technology
  - ISO/IEC 27001:2013 Code of Practice for Information Security Management
  - NIST SP 800-53
  - HIPAA/HITECH Security and Privacy Audit Protocol
Basic working knowledge of various laws directly or indirectly impacting data security and privacy requirements worldwide including:
- US SOX Sarbanes Oxley Act
- US HIPAA/HITECH Act
- EU GDPR General Data Protection Regulation
- US EU Privacy Shield
- India IT Act (data privacy provisions)
- India Companies Act