Company Description

High Tech Security industry

Job Description

This position will be responsible for working with the Information Security compliance team in operationalizing CCP (common controls platform) and our Controls Automation cloud security projects at Clients. The role includes being engaged in supporting and leading efforts pertaining to key regulations, privacy, and compliance program activities including SOX, Cybersecurity Maturity Model Certification (CMMC), and Cyber Essentials.

This resource will ensure that Clients systems, information and physical assets are adequately protected and compliant while providing visibility to Management of the control status and top program risks on an ongoing basis.

This resource should ensure the existence of appropriate security governance within the Clients Compliance Program scope including environments (policy, procedures, baselines and monitoring); assessment of required controls, and testing of adherence to required policies, procedures and monitoring. This position will collaborate with other members of the Security and IT teams to define appropriate and effective information security controls and will work with the various business units to implement them. The position will also be responsible for performing risk assessments and gap analysis exercises while working collaboratively with Functional Business Unit and IT teams to implement required remediation effectively.

The position must possess initiative and drive and have broad relevant technical knowledge for a cloud-based environment. Good management expertise and excellent written and verbal communication skills are also key attributes for the position.

Essential functions for this role include:

• Perform a gap analysis and implement required controls to meet Clients Compliance Program requirements in a cloud environment.
• Maintain ongoing oversight of concurrent, company-wide programs and initiatives that impact the Compliance programs. Escalate and resolve risks and issues as required.
• Develop and track towards a Corporate Compliance program roadmap.
• Develop metrics and reporting to demonstrate compliance program status.
• Communicate the compliance risk posture and compliance effectiveness to Management on a scheduled basis.
• Test for adherence to compliance controls, policies, procedures and standards.
• Prepare for engagement reviews and quality assurance activities.
• Work effectively with the remote offshore team on assessments and compliance monitoring activities.
• Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure appropriate remediation measures have been achieved in a timely manner.
• Perform impact analysis as needed where controls fail or are considered ineffective.
• Track mitigation steps and ensure that risks are managed appropriately and in a timely manner.
• Assist with other GRC activities as required.
• Provide ongoing guidance and consultation to the organization to promote progressive and sustainable compliance initiatives.
• Assist with integrating compliance requirements into the organization's processes (e.g., change control, mergers and acquisitions) and life cycle activities.
• Manage a complex group of projects; may need to act as a change agent.
• Manage timelines, resources, project plans, action item logs, status reports and statistics to ensure milestones, goals and commitments are met.
• Work closely with both Internal and External audit teams.
• Lead control integration efforts with new or existing systems and supporting architecture.
• Maintain knowledge and awareness of Clients and industry changes/developments in order to continually identify and evaluate key business areas, their respective business processes and controls.
• Understand business processes, process controls and their impact on financial reporting. Understand testing techniques and be able to communicate test results/findings to various stakeholders or functional managers.

Qualifications

Requirements

• Bachelor's degree in Computer Science, or related discipline.
• 5-7 years of Compliance, Security or Audit experience with at least 5 years of direct compliance experience across all domains, preferably in a cloud provider environment.
• Advanced security certifications like CCSP, CISSP, CISM, CISA preferred.
• SAP knowledge and experience highly desired.
• HIPAA, PCI, ISO27001 experience a plus.
• Strong understanding of application, network, operating system and core infrastructure security concepts.
• Excellent written and verbal communication skills.
• Effective negotiating and problem-solving skills.
• Experience working with Internal and External Audit teams.
• Proactive and detail-orientated team player.
• Experience working with or utilizing the RSA Archer eGRC application a plus.
• Familiarity with common compliance frameworks such as COBIT, COSO, ISO27001, and industry-recognized guidance such as NIST a plus.
• Strong analytical, diagnostic, critical thinking and project management skills.
• Ability to work efficiently and independently with minimal supervision.
• BA or BS degree or higher in IS or related field required.
• Superb ability to represent data in graphical form.
• Experience with a large company and/or Big 4 accounting firm.

Additional Information

All your information will be kept confidential according to EEO guidelines.