The System Analyst of Infrastructure Delivery – Audit and Compliance Management supports and monitors IT governance and risk management strategies across the technology landscape that comply with applicable regulations and with cybersecurity and IT policies. This strategic role is responsible for implementing technology risk mitigation strategies emerging from audits, cyber threats, data privacy regulations and IT operations. You will play a vital role in ensuring that critical technology services and capabilities remain operational, stakeholders are kept abreast, and financial & reputational loss is prevented.
You will help the Infrastructure Delivery and Shared Services (I&DSS) team build the audit and compliance muscle to effectively respond to any internal/external audits or assessments. This includes sharing best practices of internal controls with process owners, conducting mock-audits/readiness checks, supporting the tracking and reporting of any findings with associated teams utilizing data analytics, and guiding process owners to drive issue closure. You will leverage automation to gather evidence, build audit reports and compliance status reports, and improve control design. Additionally, this role will assist in the development of proactive risk management, including communicating emerging risks and advising on the implementation of expected controls for effective risk mitigation across our technology landscape - for our customers, our associates, and our communities. We are seeking a highly motivated individual who can bring a solution-oriented mindset and is able to deliver quality results by overcoming ambiguity.
Required:
- Undergraduate degree in Business, Finance, Information Technology, Cybersecurity, Data Analytics, Robotics, or related discipline and/or equivalent experience/certification
- 3-5 years of IT experience within a large IT infrastructure that also includes:
  - 2 years in IT infrastructure risk, governance, audit and compliance for legacy and cloud native environments
  - 2 years leading and/or executing audits, compliance activities and risk mitigation strategies
  - CISA/CRISC/CISSP professional certification(s)
Preferred:
- Graduate Degree in a technical discipline
- Working knowledge of Public Clouds and cloud native technology risk management techniques
- Experience in information security, audit, and compliance practices and automation
- Previous audit and/or compliance experience with SOX ITGC and non-SOX IT infrastructure cybersecurity and data protection controls. Working knowledge of leading industry frameworks, standards and best practices (e.g., NIST CSF, ITIL v3/4, PCI DSS, CIS benchmarks, COBIT) and experience across IT and security processes including but not limited to identity & access management, system hardening, network security, patch management, change management, modern development (e.g., DevSecOps, Agile), and asset management.
- Experienced in evaluating and advising the design and implementation of controls used for cloud/non-cloud environments
- Experience with major enterprise GRC, DevSecOps, cybersecurity technologies (e.g., ServiceNow, Jira, Confluence, Splunk, CrowdStrike, etc.)
- Experience in working with cross functional, sourced, or matrixed teams
- Strong problem resolution skills
- Strong attention to detail with proven ability to effectively prioritize and execute tasks in a high-pressure environment
- Excellent verbal and written communication skills for a wide range of audiences including senior leaders, business stakeholders and IT teams
- Ability to work and navigate in a dynamic environment
- Experience operating in Scaled Agile Framework environment
- Strong data analytics technical skills (e.g., PowerBI) to support reporting and BI needs
CORE WORK ACTIVITIES
- Support security issue management work
  - Actively monitor and follow up on open security issues and internal audit findings on a daily basis
  - Coordinate with compliance points of contact in other functional areas to gather status and obtain context of open security issues, recommend a path forward to drive issue closure, and support internal and external reporting of pre-defined issue metrics
  - Serve as the key resource to provide clarification of the issue management process for I&DSS issue owners
- Assist with the regulatory compliance work
  - Support the tracking of active/planning work by process owners
  - Support the development of control descriptions
  - Help advise on control design, implementation and effectiveness and validate the adequacy of supporting documentation
  - Assist with the automation of compliance evidence gathering and reporting to drive adherence to policy and to reduce human error
- Support the development of I&DSS audit and compliance program including planning activities and I&DSS control assessments covering infrastructure and operations, network, workplace services, and infrastructure security, cybersecurity, cloud and third-party risk, programs and projects via automation of I&DSS controls evidence gathering
  - Understand the impact on on-premises technology and cloud technology, operational risk to the I&DSS organization
  - Perform mock audits to assess the effectiveness of controls by interviewing process owners and reviewing supporting evidence
  - Lead kickoff, status, and closing meetings with team and key stakeholders and contribute to I&DSS audit knowledge base and internal practice development initiatives
  - Prepare clear, written, fact-based reports for leadership use, working with management to detail action steps to reduce risk
  - Assist with ad hoc / special I&DSS audit projects and participate in various business initiatives to assess the impact to the internal controls environment (e.g., new system implementation pre- and post-reviews and automation of manual controls)
- Coordinate with external/internal auditors, internal leaders, and process owners to ensure engagement and timely execution of audit work impacting I&DSS organization
- Assist in the development of key metrics for proactive risk management. Apply data analytics to build dashboards for effective reporting and support data-driven risk management activities
- Other duties as assigned
Managing Projects and Priorities
- Develops specific goals and plans to prioritize, organize, and accomplish work for self
- Provides assistance to other teams regarding projects – utilizes Jira to help track the work of cross-functional teams
- Analyzes information and evaluates results to choose the best solution and solve problems
- Thinks creatively and practically to develop, execute, and implement new plans or programs. Generates and provides accurate and timely results in the form of reports, presentations, etc.
- Provides recommendations to improve the effectiveness of processes or programs
- Understands and meets the needs of key stakeholders
- Supports achievement of performance goals, budget goals, team goals, etc.