Job Details

ID #15347605
State Georgia
City Kennesaw
Job type Permanent
Salary USD TBD TBD
Source Wolters Kluwer
Showed 2021-06-11
Date 2021-06-10
Deadline 2021-08-09
Category Security

Senior IT Security Analyst - RISK & AUDIT

Georgia, Kennesaw, 30144 Kennesaw USA

Vacancy expired!

Basic Function

Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity and reduce time to market for products and applications.

We have an amazing opportunity for a Senior IT Security Analyst - RISK & AUDIT, available within our Global Business Services division! This position has been created due to growth. In this role you will be working with a team to manage our enterprise IT Risk management process, working closely with project teams as well as internal / external groups to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets.

The candidate will be tasked with managing responsibilities including, but not limited to, the following: performing IT risk assessments; working with external partners to manage all SOC 1 and SOC 2 audit reports for all divisions across WK; managing to resolution all findings and observations identified by internal and external audits and assessments; and proactively working with internal Subject Matter Experts to build a control structure that prevents recurrence, as well as updating WK's internal control catalog to meet the relevant standards, laws and regulations.

Essential Duties and responsibilities
  • Lead/Manage and play a key role in governance, risk and compliance related assessments, policy and procedures, awareness and training for end users, change management, internal control identification and measurement per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.
  • Lead risk methodology development and execution; maintain updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2 and SOX, in addition to other regulatory or industry requirements such as HITRUST and GDPR, per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.
  • Work across matrix business environments both internal and external for risk and compliance (audit) readiness for regulatory reviews, SOC1, SOC2, SOX, and other industry requirements such as HITRUST, GDPR.
  • Manage full end-to-end delivery of assigned project(s), people and process. Provide guidance to other Risk teams across various organizations as requested.
  • Lead/Manage builds of internal control catalogues and measurement methods/metrics for risk exposure. Work with business units in a consulting role to assist in their understanding of internal controls and measurements in addressing strategic initiatives, business/client drivers and concerns, future audits and compliance requirements.
  • Lead/Manage methodology development, updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2, SOX, strategic leadership initiatives, and other regulatory or industry requirements such as HITRUST and GDPR, per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.
  • Lead/Manage investigations, evaluations and remediation of operations risk/loss events including root cause analysis and process improvement recommendations within the scope of GRC; monitor remediation plans. Develop strategies to handle risk incidents and trigger investigations.
  • Lead governance, risk and compliance (GRC) liaison with internal and external audit resources, external customers and government regulators, domestic and international.
  • Actively support business units' requests for information regarding data security risk, technology risk, technical vendor relationship management, product selection and design, within the authority and responsibility of GRC under an Enterprise Risk Management (ERM) model.
  • Promote a positive, entrepreneurial, consulting, performance focused culture within governance, risk and compliance (GRC) that works effectively with stakeholders in the development and launch of services and programs that support compliance and company growth.
  • Work with divisional management to develop long-term risk strategies, annual risk assessments, risk measurement metrics and tactical plans to reduce company risk exposure.
  • Support the coordination, tracking and reporting on divisional and business units' metrics, results, data modelling, processing, calculating and transformation into meaningful risk metrics and reports.
Job Qualifications

Education:
  • Bachelor's Degree in Accounting, Computer Science, Risk Management or equivalent years in experience
  • Preferred certifications: Certified Information Systems Auditor (CISA), Certified Risk Manager (CRM), Certified in Risk and Information System Controls (CRISC), Certified Information System Security Professional (CISSP), or equivalents.
  • Minimum 5 years of combined experience with consulting, external audit, company in house and outsourced internal audit, assurance services, contracts; experience with a Big 4 is required.
  • Minimum 3 years of hands on combined experience with financial and information technology internal controls design, test, audit, risk assessments, investigations, findings and remediation.
  • Minimum 5 years of hands on combined experience, preferred in business process design, system integration, identity access & management, data privacy and protection, system development life cycle (SDLC), vulnerability assessment, information technology security, incident response, vendor management, backup and recovery and continuity planning.
  • Experience in operational leadership roles, domestic and international; diverse industry experience preferred: consulting services, financial services and banking, insurance and healthcare, risk and compliance.
  • Minimum 3 years of audit experience with SOC1, SOC2, SOX 404 and healthcare regulatory compliance.
  • Minimum 3 years of combined hands-on operational experience in accounting, tax, payroll, human resources, information technology operations, information technology security and risk management.
  • Government experience, domestic and international preferred.
  • Experience as a Subject Matter Expert (SME) working with industry frameworks including COSO, ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, FISMA and GDPR.
  • Experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.
  • Advanced written, verbal and presentation skills; including interactions with key stakeholders, internal executive management and external executive management and senior leaders.
  • Experienced working in remote environments. Independent, motivated self-starter with the ability to analyze complex problems, think critically, problem solve, influence change, provide thought leadership.
  • Excellent interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing and negotiating effectively with all levels of leadership and peers.
  • Experienced with vendor and managed security services with ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.
  • Ability to travel to customer sites as needed.

Travel requirements

Required travel up to 25%, domestic and international.

The above statements are intended to describe the general nature and level of work being performed by most people assigned to this job. They're not intended to be an exhaustive list of all duties, responsibilities and requirements.
