Job Description:
Have a good understanding of SOX, PCI, SOC1/SOC2, NIST RMF/ CSF, ISO 27001, and ISO 27005 standards.
Have 3-6 years of experience in conducting Gap Assessments and Regulatory Compliance Assessments across organizational assets (on-prem and cloud) against these standards, identifying areas of improvement, and developing mitigation measures or additional controls.
Ensure compliance with all applicable policies, regulatory requirements, and standards.
Have minimum 3 years of experience in SOX onboarding process and compliance assessments.
Have minimum 3 years of experience in PCI standards assessment.
Work with process owners to identify and understand new business processes or changes to existing processes including process narratives, related flowcharts, and the identification and documentation of key controls.
Understand and implement procedures for company-wide adherence to SOX, PCI, ISO 27001, and other compliance programs.
Have developed audit reports on the implementation status for the application and controls in scope.
Hands-on work with application teams to bring an application that has come into SOX scope to go-live: setting up audits, reviewing audits/baseline audits, understanding the dataflow/architecture to assess impacts, and defining key controls.
Follow up on audit recommendations.
Understand the difference between SOC1 and SOC2 and their testing procedures/test cases.
Should be able to correctly identify which environments SOX applies to.
Should be able to distinguish which controls are applicable to the various cloud offerings.
Have a good, in-depth understanding of Complementary User Entity Controls (CUECs).
Cloud experience with SOX is preferred.
Help in remediation of findings: understand the defect and how to remediate it.
Be able to act as SME and provide ad hoc help to application teams with questions to ensure SOX compliance meets regulatory requirements.
Qualifications and Certifications:
Bachelor's degree in Accounting, Finance, Engineering, or a related field.
Aware of new developments in advisory services capabilities and industry knowledge.
Familiarity with project management practices and techniques
Strong interpersonal skills, critical thinking skills, and time management skills.
Proficient verbal and written communication skills.
Comfortable working in a collaborative environment.
Certifications (at least one or more of these): CISA, CISM, ISO 27001 Lead Auditor, Google Cloud Security Professional (GCP).
Any Graduate