Details
Senior IT Compliance Analyst
In this position you will perform IT process documentation to satisfy various IT control activities (e.g., SOX, Security, Privacy, PCI DSS, HIPAA, GDPR, FDA, CCPA, ISO) in a collaborative work environment.
Areas of documentation include, but not be limited to, compliance requirements, system access management, management self-assessments, IT operations, test validation, and change management.
The person filling this role will need to be proactive, have IT audit experience (especially as it relates to the regulatory requirements noted above) with appropriate certifications, know IT terminology, concepts, practices, supporting processes, and be able to work independently.
Responsibilities:Qualifications:Desired Qualifications:
In this position you will perform IT process documentation to satisfy various IT control activities (e.g., SOX, Security, Privacy, PCI DSS, HIPAA, GDPR, FDA, CCPA, ISO) in a collaborative work environment.
Areas of documentation include, but not be limited to, compliance requirements, system access management, management self-assessments, IT operations, test validation, and change management.
The person filling this role will need to be proactive, have IT audit experience (especially as it relates to the regulatory requirements noted above) with appropriate certifications, know IT terminology, concepts, practices, supporting processes, and be able to work independently.
Responsibilities:
- Conducts assessments of IT general, privacy and security controls as it relates to the regulatory requirements noted above
- Conducts PCI DSS Attestation of the Compliance process
- Communicates issues with control performance to Management promptly
- Communicates with internal/external auditors to verify control effectiveness and best practices
- Reviews and analyzes control evidence for issues. Works with IT teams and coordinate performers to ensure the correct, expected evidence is generated and retained promptly.
- Performs a validation of artifacts gathered as part of systems development life cycle and change management processes, including testing evidence
- Executes work programs to evaluate and test controls operating effectiveness as needed
- Participates in the implementation and performs testing of audit and governance policies, procedures, and tools
- Works closely with internal and external auditors as the backup to the Senior Manager, Global IT Compliance
- Works closely with global departments involved in IT controls related to SOX, PCI DSS, Privacy and Security, HIPAA, GDPR, FDA, CCPA, ISO, such as Finance, IT Infrastructure, ERP and Application Support, Legal, Genomic Labs, etc.
- When required, implements performs and/or monitors IT application and general controls, including privacy and security controls
- Documents and updates audit support procedures, narratives, and process flows when needed
- Provides training to employees on IT control processes and documentation as needed
- Participates in projects and new implementations as subject matter expert for IT controls, including the identification and evaluation of mitigating controls when needed, and oversees control implementation
- Support business with technical aspects of Data Protection Impact Assessments
- Will perform other functions as required
- Domestic and international travel is required
- Bachelors degree in business, accounting, finance, computer science, information systems, or a related discipline is required
- 5+ years IT audit experience, preferably in a public accounting or corporate environment
- Knowledge of the Sarbanes-Oxley Act of 2002, PCI DSS, and privacy regulations (e.g., GDPR, FDA, HIPAA, CCPA)
- Knowledge of IT security, access management, systems development life cycle, change management, IT operations, data center, and application controls
- Knowledge and experience with internal control frameworks
- Passing of background check, which may include verification of prior employment, criminal conviction history, educational and driving records
- Detailed-oriented, independent, and thorough in examination and analysis
- Excellent problem solving and analytical expertise
- Excellent written and oral communication skills in English. Other languages are desired.
- CISA, CRISC, CGEIT, or CISSP certification or in process
- Project management skills are highly desirable.
- Prior experience in an international enterprise environment is preferred.
- Extensive experience working in a team-oriented environment in a collaborative manner
- Ability to explain technical concepts to non-technical audiences
- Ability to suggest technological solutions