Overview
On Site
0/hr - 56.46/hr
Full Time
Skills
IT Risk
Process Improvement
IT Audit
Risk Management
IT Security
Internal Control
System On A Chip
PCI DSS
Sarbanes-Oxley
NIST 800-53
Information Security
Organizational Skills
Communication
Presentations
Business Analytics
Business Analysis
Computer Science
Management Information Systems
ISO 9000
CISA
CISSP
ISO/IEC 27001:2005
Cyber Security
Management
Product Development
Mapping
Database
Continuous Monitoring
Security Controls
Reporting
Auditing
Dashboard
Real-time
Leadership
Partnership
Legal
Regulatory Compliance
FOCUS
Job Details
IT Risk and Compliance Analyst
Location: San Diego, CA or Atlanta, GA - hybrid schedule
Duration: 6 months to start
We are looking for a motivated, innovative, and passionate IT Risk and Compliance Analyst who is driven by identifying ways to automate controls oversight through real-time monitoring and reporting. This professional will help improve GBSG and Intuit's overall compliance program by identifying and driving process improvement opportunities and advocating for change; continuously monitoring the control environment for non-compliance; and reducing audit fatigue; all while establishing trusted partnerships with our global stakeholders to efficiently drive compliance by design.
Intuit prides itself on being innovative, bold, and passionate. This is an exciting opportunity that will be supporting some of our most important and visible compliance initiatives such as ISO 27001, SOC 1/2/3, PCI DSS, IFI/NYDFS, SOX, and other cybersecurity regulatory audits. This resource has the opportunity to work within a constantly and rapidly evolving technology landscape and re-imagine compliance posture management.
Required Skills & Experience:
4+ years working experience in a technology audit, security risk management, and/or security compliance role.
Demonstrated experience with IT/security internal control definition, development, automation, implementation, and monitoring.
Extensive experience driving auditing compliance programs in accordance with security frameworks (such as ISO 27001, SOC 1/2/3, PCI-DSS, IFI/NYDFS, SOX, and/or NIST 800-53) across multiple business units with differing business requirements.
Functional knowledge of multiple security domains and information security industry standards and best practices.
Understanding of cyber risk management practices, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting.
Good organizational skills, proactive and self-sufficient with a proven ability to work independently.
Drive, determination, and the ability to overcome roadblocks and initial objections.
Ability to effectively prioritize and execute tasks, while balancing multiple projects simultaneously.
Ability to work collaboratively with multiple stakeholders across different backgrounds and skill sets.
Strong written, verbal communication, and presentation skills.
BS/BA College Education in a related field (e.g., Computer Science, MIS) or equivalent relevant experience.
Security-related certifications such as ISO Lead Auditor, CISA, and/or CISSP would be desirable.
What You Will Be Doing
Lead scope expansion opportunities by developing and leveraging a risk-based methodology when introducing new and existing service offerings and their underlying infrastructure components within the scope of applicable audits.
Lead and manage all aspects of applicable cybersecurity audits, such as scope expansion, audit readiness, walkthroughs, evidence collection, and liaising with internal and external auditors.
Drive adoption of emerging compliance framework requirements (e.g., ISO 27001:2022) through thorough analysis and prescriptive guidance.
Evangelize Intuit's unified controls database to applicable stakeholders (i.e., control owners, Compliance SMEs) to ensure there is a clear understanding of roles and responsibilities.
Support the policies and standards lifecycle process to ensure they address all current and emerging cybersecurity regulatory requirements.
Have customer obsession and empathy for the needs of our small business customers and stakeholders; be a valued business partner, ensuring we are meeting all compliance commitments, and provide periodic updates on their compliance status to management.
Work closely with the Product Development teams to define requirements within the automated compliance platform tooling, such as control definitions, attribution, evidence, framework mapping, etc.
Support the controls lifecycle process through periodic assessments of Intuit's unified controls database.
Identify control deficiencies through risk-based continuous monitoring assessments and security controls campaigns and provide recommendations that can be reasonably adopted.
Document and report noted audit findings and work with control owners on remediation requirements, strategy, and execution.
Regularly monitor remediation activities for noted findings and escalate remediation plans that are at risk of being overdue.
Develop and maintain compliance monitoring dashboards to provide real-time and on-demand compliance status metrics that can be presented to leadership.
Work closely with control owners (or Providers) to identify ways to effectively monitor compliance posture through automation.
Establish partnerships with cross-functional teams such as Legal, HR, Security, and IT to ensure they understand their roles when supporting the compliance program.
Regularly assist with answering and reviewing third-party vendor risk and compliance questionnaires with a focus on automation and consistency in response.