Sr. Cyber Security & Compliance Specialist
- Coordinating and executing compliance programs for Client's (Confidential) Technology, including Sarbanes-Oxley, Payment Card Industry (PCI), and Data Protection Program (to adhere to data privacy regulations), and other projects.
- Responsible for compliance activities for Confidential domestic locations, as well as providing guidance and partnership to the Confidential international locations.
- Responsible for system security efforts by providing appropriate access to and protecting the confidentiality and integrity of customer and business information in compliance with enterprise policies and standards. Utilizing Tripwire, Imperva, FireEye, Guardium and other information security tools, responsible for the research, technical analysis, recommendation, configuration, and administration of systems and procedures to ensure the protection of information processed, stored or transmitted.
- Developing the overall timelines and project plans for necessary compliance work, including the following types of activities: collection and QA of requested documentation, process and control walkthroughs, testing, observations/interviews with auditors, and remediation to address any control gaps.
- Working with Confidential internal and external auditors as they conduct their audits;
- Coordinating and facilitating site visits, providing external auditors and QSAs with all requested documentation, and addressing resulting questions or concerns.
- Partnering with internal stakeholders, of varied leadership levels, with responsibility for in-scope applications to educate them on compliance requirements, ensure appropriate controls are in place to meet the requirements and assist them with outlining remediation plans to address any deficiencies.
- Providing work direction to compliance team members, including on-site and off-shore resources.
- Working with Confidential resources to ensure alignment with the overall enterprise Compliance programs.
- Analyzing changes in regulations for Confidential's compliance programs and implementing plans for these to be sufficiently addressed.
Sr. Security Auditor IT Security & Compliance
- Planning and partnering with PwC, KPMG, BDO and internal BAS application teams on SOX 404 related efforts, documentation of in-scope applications, systems and databases, identification of key controls, development of test plans, and remediation of control deficiencies;
- Performing maintenance of the SOX 404 software including uploading required control documentation and test results, running quarterly and annual reports, and monitoring business units’ quarterly certification reporting
- Supporting BAS Compliance & Controls in special projects as we implement new applications and tools;
- Collaborating with BAS application teams to understand, evaluate, and improve processes and internal controls;
- Managing the Model Contracts (GDPR) program for the 32 in-scope applications to ensure that these applications meet all the Corp Compliance requirements to pass a Management Audit;
- Working with Confidential Controllership Audit teams to ensure efficiency of fieldwork with regard to BAS applications, remediation of audit findings, and meeting audit deadlines;
- Advising application owners on security and risk assessment functions; assessing and prioritizing risks across the components of the IT environment (application, operating system, and database);
- Performing Quarterly User ID reviews at server OS, Application & Database layers, PCI compliance activities for servers; SAP Security & change management reviews;
Senior Compliance Coordinator
- Evaluate and recommend Command Center Operations process changes based on ITGC requirements, confidence limits, process performance and discovered flaws and deficiencies.
- Develop and conduct various forms of user-focused, system-level verification for production cycles’ processes.
- Advising stakeholders and process owners on SOX 404 controls related to migration of production processes from Control-M to Automic UC4 Automation Platform.
- Consult the process owners and functional groups on optimization of production workflows, critical event responses and compliance aspects;
- Utilize knowledge of SOX 404 GCC in production process automation SDLC, system administration, databases, mainframe, networks and quality engineering at all levels within the software-hardware integrated systems.
- Manage projects as required utilizing best practice project management skills and tools.