Published: May 22, 2020
- Build close partnership with Global Security and Privacy Office and stay current with regulations in global markets; anticipate upcoming business and commercial software product needs to comply with regulations/policies.
- Review and establish appropriate IT and business operations controls to ensure appropriate compliance with relevant regulations and risk management needs.
- Effectively partner with and direct technical and software product teams to ensure accurate risk assessments and quickly determine appropriate remediations.
- Process requests and inquiries from external clients and internal teams related to security/privacy assessments and compliance with secure SDLC processes.
- Lead and/or support audit activities with external clients and oversee necessary remediation plans and delivery.
- Support success and effectiveness of SOC 2 attestation and underlying controls.
- Manage compliance with key internal policy partners and critical external vendors.
- Execute key processes to ensure compliance with various programs (vendor selection/management, control risk reporting, etc).
- Analyze business and software agreements, take lead on developing client service level agreements with technical teams, and advise senior management on improvements for managing service level agreements.
- Develop and manage overall Client Compliance Plans to ensure that, across all delivery teams, client contractual commitments are met.
- Map out current state and future state business/data/system flows as needed and evaluate, recommend, and drive decision making on risk-based approaches to avoid client risk.
- Produce high quality compliance, governance, and business operations reporting including KPIs and other business-critical information for senior leadership and internal stakeholders.
- Perform key business and financial analysis as needed to support key governance initiatives.
- Provide risk management reporting to Executive Director and lead initiatives as assigned to respond to specific risks.
- Facilitate the alignment and transformation of budget/actuals to decision support models and support all areas of Technologies with the building and tracking of business cases.
- Ensure end-to-end alignment of resource time tracking that allows Executive Directors and VPs to manage budgets effectively.
- Maintain regular and predictable attendance.
- Perform other duties as assigned.
- Act as liaison between internal management (e.g. IT, Compliance, Risk, Finance), external auditors, and co-sourced auditors.
- When acting as manager of other auditors, lead by example through active participation and coordinate audit activities, including:
  - Provide expertise to audit staff regarding departmental audit procedures and audit tools.
  - Direct and motivate audit staff to ensure timely completion of audits.
  - Evaluate audit procedures, work paper documentation and audit conclusion for completeness.
  - Recommend changes to audit procedures to enhance efficiency and respond to change.
- Leverage expertise to identify key IT risks and automation within operational, business, and IT-related processes and activities.
- Comfortable handling appropriate levels of risk and uncertainty.
- Revise existing procedures to enhance efficiencies or to capture changes in the risk posture.
- Partner with Information Security and ensure proper adherence to Incident Response Plan in response to any suspected security incidents.
- Bachelor’s Degree in Management Information Systems, Accounting, Business or equivalent combination of related work experience and education.
- Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Public Accountant (CPA), Certified Internal Auditor (CIA), or equivalent certification(s).
- 10+ years’ experience in software development, product management and services delivery organization.
- 5+ years’ internal or external audit or equivalent experience.
- Advanced degree in Management Information Systems, Accounting, Finance or equivalent education.
- Experience managing SOC 2 audits.
- Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP).
- Extensive knowledge of global data privacy and cyber security regulations.
- Prior experience in a public accounting firm.
- Prior leadership position in reinsurance or insurance audit experience.
Skills and Abilities
- Advanced knowledge and application of risk-based auditing.
- Takes accountability for self and team.
- Self-starter and motivator; consistently takes initiative.
- Ability to coordinate and perform multiple tasks/projects simultaneously, balancing priorities and deliverables.
- Competent interpersonal skills, demonstrating the ability to lead projects and mentor others in a constructive and professional fashion.
- Able to work independently and embrace ambiguity while learning a complex business and IT environment.
- Ability to evaluate business processes and IT technology, identify risks and controls.
- Able to work within a dynamic, global team environment and willingly participate in department projects.
- Routinely displays a positive attitude and is solution-oriented.
- Advanced oral and written communication skills.
- Consistent history of producing high-quality deliverables before deadlines.
- Complex investigative, analytical and problem-solving skills.
- Ability to translate business needs and problems into viable and accepted solutions.
- Actively seeks and establishes partnerships with individuals across a wide variety of operational, functional, and technical disciplines; exhibited experience in establishing communication protocols with various managers and leaders in the organization.
- Proficient using Microsoft Office products (Word, Excel, PowerPoint), ACL, and SQL Query tools (e.g. TOAD).
- Advanced experience related to IT General Controls, system reports, system interfaces, and end-user computing.
- Able to travel approximately 0 - 10%.
- Experience with SQL, Toad, ACL and electronic work paper tools (e.g. Teammate or equivalent).
- Experience with PeopleSoft, Oracle database, Windows / SQL server.
- Experience auditing cloud computing environments (e.g. Amazon Web Services (AWS)).