Fortune 500 Software Company
This is a great job with a leader in the InfoSec software industry! In this role, you will work on complex Governance, Risk and Compliance projects for internal and external customers.
Principal Duties and Responsibilities
- Develop project requirements, objectives, plans, schedules and tasks for both IT and the business community related to compliance activities.
- Coordinate audit-related tasks to ensure that managers and their teams are ready for audit testing, and facilitate the timely resolution of any audit findings.
- Ensure reports and findings are delivered to management in a timely and appropriate manner.
- Facilitate compliance with the internal control standards via regular monitoring of related activities using RSA Archer.
- Execute multiple security control validation programs simultaneously with specific deadlines.
- Recognize and identify areas where existing policies, standards and procedures require change.
- Manage the progress of remediation steps on identified control deficiencies via RSA Archer.
- Execute GRC work products through to successful completion.
- Support additional internal and external compliance activity as part of the ISGRC team.
- Utilize RSA Archer for reporting on various GRC projects.
Qualifications
- Strong project management and communication skills (written and oral) with internal organizations and external/internal auditors.
- Experience with RSA Archer preferred.
- Skilled in verbal and written communications with the ability to express medium complexity technical concepts in business terms.
- Excellent teamwork and client service skills.
- Bachelor’s Degree combined with 3-6 years of related experience in IT Audit or Compliance.
- Possession of the CISA designation required.
- Possession of standard certifications in Information Security or Compliance preferred (CISSP, CISM, CRISC, PCIP, PCI ISA, or PCI QSA).
- Experience with Information Security, Compliance and IT Management Standards, including ISO 27001, PCI DSS, Trust Services Principles/SSAE 16 SOC 1 and SOC 2, SOX, HIPAA, GLBA, NIST SP 800-53, COBIT and COSO.
- Strong understanding of business applications, including ERP and financial systems.
- Knowledge of Enterprise Risk Management.
- Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
- Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
- Proficiency with Microsoft Office (Excel, Word, PowerPoint and Visio) and SharePoint.