Information Technology Compliance Analyst

Please refer to Job Description
Full Time, Contract Corp-To-Corp, Contract Independent, Contract W2, C2H Corp-To-Corp, C2H Independent, C2H W2, Part Time, 5 months
Telecommuting not available; travel not required

Job Description

Position Overview:
The Office of Information Security (OIS) ensures that security efforts throughout the company are coordinated and aligned with the company's business and IT strategy. This Office delineates the company's information security plans and ensures, in coordination with the Information Security Council, that resources and all implementation of plans, procedures, and standards are reviewed, supported, and deployed in the most effective and efficient manner and are consistent with overall risk management. The Office of Information Security needs a suitable resource to support the Compliance functions. The Analyst should be able to support the Compliance function, wherein s/he will be expected to validate Key Controls in ITGC areas and assist in control implementation and documentation of processes and procedures to address Internal Controls over Financial Reporting requirements. S/he will be expected to develop test plans and procedures to assess the effectiveness of controls and be capable of assisting in ISO 27001 & 27000 certification efforts.

Essential Job Functions:
• Assist in the development and implementation of sustainable compliance framework and processes in the company to meet IT policies, business requirements, and applicable legal and regulatory requirements
• Conduct IT Technology and process audits as well as compliance assessments based on COBIT, ISO 27001 & ISO 20000 frameworks.
• Assist in controls implementation, including documentation of processes and procedures to address Internal Controls over Financial Reporting (ICFR) requirements for the IT General Computer Controls (ITGC) for Information Security, Change Management, and IT Operations areas
• Independently assess the design effectiveness of IT General Computer Controls for Information Security, Change Management, and IT Operations
• Develop test plans and detailed test procedures to assess operating effectiveness of the IT General Computer Controls for Information Security, Change Management, and IT Operations
• Assess compliance against technical standards for various platforms and technologies.
• Collect, evaluate, and maintain data to ensure that required management reporting is completed as needed (this also includes inputting appropriate data into systems such as RSAM & Bwise)
• Assist in ISO 27001 & ISO 20000 certification efforts, including risk assessments, internal compliance assessments, and program management
• Assist in monitoring open audit items from audits, such as the company's internal audit department (IAD) IT audits, external financial audits on Internal Controls over Financial Reporting (ICFR), and ISO 27001 & ISO 20000 certification audits, to ensure execution of remedial activities defined in the agreed action plans and risk treatment plans
• Perform other duties in the compliance work program, as assigned

Educational Qualifications and Experience:
• Education: MA/MS in Computer Science, Information Systems or a related technical field, or equivalent combination of education and experience. BS/BA is the minimum education requirement.
• Role Specific Experience: Minimum 5+ years' experience working in an information security, information technology or compliance-related field
• Experience in conducting design and operating effectiveness testing for the ITGCs
• Demonstrated experience in implementing compliance frameworks for financial services organization or organizations with similar information security needs and requirements
• Experience in conducting assessments, designing processes, and implementing SOX controls for the IT General Computer Controls (ITGC) areas of Information Security, Change Management, and IT Operations
• Experience in auditing platforms (UNIX, Windows) and databases (Oracle)

Certification Requirements:
• Industry certifications highly preferred, including but not limited to Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and Information Systems Security Management Professional (ISSMP)

Required Skills/Abilities:
• Familiarity with and understanding of a broad range of IT hardware and software products
• Good understanding of industry standards and regulations including COBIT, COSO, and SOX
• Good knowledge of and demonstrated work experience with the ISO 27001 control framework and Information Security Management System (ISMS) implementation
• Demonstrated knowledge of IT and security controls for network, database, application and operating systems. Strong knowledge of and work experience with logical access controls
• Knowledge of ERP and financial systems including but not limited to SAP, PeopleSoft and Summit, and Enterprise GRC systems such as BWise and RSAM
• Self-motivated with the ability to work independently and within groups with minimal supervision
• Excellent written and verbal communication, presentation, and problem-solving skills, and ability to interact well with peers and internal customers
• Highest ethical standards

Desired Skills/Abilities (not required but a plus):

Pluses for Levels: (for level II, III):

Experience Matrix for Levels:
• Level II 5+ years of experience

Posted By

Nicholas Croce

1 Belmont Avenue, Suite 610 Bala Cynwyd, PA, 19004

Company Information

NTT DATA is an IT powerhouse and global innovation partner with 130,000 professionals based in over 50 countries. NTT DATA emphasizes long-term commitment and combines global reach and local intimacy to provide premier professional services, including consulting, digital, managed services, and industry solutions. We’re part of NTT Group, one of the world’s largest technology services companies, generating more than $100 billion in annual revenues and partner to 80% of the Fortune 100. Visit to learn more.
Dice Id : 10229323a
Position Id : 18-00021