JobNob

Your Career. Our Passion.

SOX_Audit Compliance


NuStar Technologies


Location

Bangalore | India


Job description

Experience: 6+ yrs

Notice Period: 0-30 days only

Must-Have

  • Experienced with the control frameworks used in IT SOX, COSO and COBIT, and how they apply to the achievement of IT SOX objectives - Technology Compliance and Information Security.
  • Requires technical knowledge of IT controls, SOX and PCI compliance.
  • Extensive experience in and knowledge of the design of IT General Controls, IT Application Controls, PCI compliance and SOX compliance.
  • Have worked within a large corporation, collaborating with IT, the business, and Internal and External Audit teams.
  • Strong understanding and application of IT risk and cybersecurity frameworks such as SOX, NIST, PCI-DSS, COBIT and COSO.
  • IT operational processes and process improvement (e.g. ITIL & ITSM processes).
  • IT Governance, Risk and Compliance (including IT risk frameworks and standards such as SOC2).
  • Providing direction and support to stakeholders for control design, analysis, collection of data and preparing reports on operational, legal and financial risk.
  • Familiar with on-premises and cloud-based IT platforms.
  • Excellent written and verbal communication skills to engage in conversations with multiple stakeholders.

Your Responsibilities

  • Design robust compliance processes, ensure that all of the business has them in place, and ensure that the organization adheres to them efficiently and effectively.
  • Focus on the SOX audit, PCI compliance, and other areas of compliance related to IT and security.
  • Understand existing controls, identify gaps in the current control environment and recommend additional controls to mitigate the open risks.
  • Document processes, analyze controls and procedures, and develop recommendations using sound business judgment.
  • Write policies and/or controls and implement them where required.
  • Strengthen the SOX audit and manage the entire compliance process to help achieve accurate and transparent financial reporting.
  • Ensure compliance with company policies, procedures and controls.
  • Perform internal audits, process reviews, SOP documentation and reviews of policies and procedures.
  • Evaluate existing and newly evolving regulatory programs.
  • Contribute to the development of audit process improvements.
  • Collaborate with Technology teams to provide feedback and suggestions on all security aspects until the controls are implemented.
  • Manage and maintain dashboards related to technology compliance and identified deficiencies.

Your Experience And Capability

  • Perform security reviews and periodic reviews for IT systems.
  • Modify and review existing compliance documentation (e.g. Standard Operating Procedures, templates, strategy documents), focusing on continuous improvement and following up on gaps or discrepancies.
  • Use knowledge of the current environment and industry trends to identify potential audit issues.
  • Work with System Administrators/Subject Matter Experts to ensure ongoing compliance with company Quality & Regulatory Standards and Practices.
  • Draft, review, finalize and deliver audit reports, and communicate findings and recommendations effectively to compliance, IT, finance, commercial, legal, HR and operational leadership.
  • Be involved in auditing and assuring IT compliance under SOX IT Controls, and in suggesting and defining the related processes, frameworks, policies, procedures and guidelines.
  • Perform and support the Assessment Program and the Technology Risk and Control Monitoring Program.
  • Assess potential regulatory changes and their impact on the business and its operations.
  • Translate regulatory requirements and educate technology and business teams.
  • Perform controls testing, document results and share updates with the leadership group and stakeholders.
  • Identify gaps and risks and assist with the remediation of control deficiencies identified during the audit process.
  • Collaborate with various IT departments and control owners to understand, assess and address operational and compliance risks and exposures via risk and control design assessment.
  • Maintain the controls and their mapping to the requirements.
  • Monitor the related IT controls and supervise any changes through implementation.
  • Design and perform server and security audits, system backup procedures, and other recovery processes in accordance with disaster recovery and business continuity strategies.
  • Design and implement security systems compliance and redundant backups to maintain data safety, grant users the appropriate level of access and permissions for daily business operations, and report any unauthorized access identified.
  • Address governance issues, including testing of policies, procedures, guidelines, training manuals and the process for granting access. Prepare summary reports with the findings, suggestions, improvements and issues identified.
  • Providing direction and support to stakeholders for control design, analysis, collection of data and preparing reports on operational, legal and financial risk.

