The Senior Systems Compliance Specialist will assist in the development and implementation of compliance programs for the organization and monitor business activities for compliance with applicable rules and regulations.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Conducting and assisting with regularly scheduled compliance audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates.
- Collaborate with department personnel to ensure that Sarbanes-Oxley 404 and PCI Regulation objectives, deliverables and timelines are met. Work with process owners to develop, maintain and review the Sarbanes-Oxley 404 and PCI documentation.
- Assist with coordination and performance of the quarterly and annual Sarbanes-Oxley 404 and PCI testing.
- Coordinate and track internal/external testing of controls and track the status of gaps and remediation actions. Considerable responsibility with regard to general assignments in planning time, method, manner, and/or sequence of performance of own work; may also occasionally assist in the planning of work assignments performed by others within a limited area of operation.
- Assisting team members and internal clients in addressing highly complex security and compliance issues applicable to enterprise environments and assisting in the remediation of deficiencies in internal controls (specifically with respect to the control environment).
- Assist with the development of departmental processes and procedures as well as the development of an automated System Compliance Activity Program.
- Collaborate with other Technology Services departments to ensure that the distribution of uniform governance documents and policies is centrally managed. Share and leverage successful products, processes and best practices across the organization.
- Communicate with TS administrators, developers and support teams to help improve the Company’s security and compliance posture.
- Prepare presentations and provide status updates as needed for use by management. Coordinate training on internal controls and company policies and procedures.
- Develop/maintain working knowledge of laws and industry guidance for establishing, maintaining and reporting on internal controls.
CORE COMPETENCIES & ACCOMPLISHMENT
- Strong knowledge of such fields as security, risk and compliance, auditing, etc.
- Broad technical knowledge of information systems, networks, identity and access management
- Proficient in NIST, COBIT, ISO, and COSO frameworks
- Demonstrated ability to maintain confidentiality in working with information of a proprietary or sensitive nature.
- CISSP, CISM, CISA, CIA, or any other security certification a plus
- Ability to read and understand documents such as policy manuals, safety rules, operating and maintenance instructions, and procedure manuals; ability to write routine reports and correspondence.
- Ability to effectively communicate information and respond to questions in person-to-person and small group situations with customers, clients, general public and other employees of the organization.