Security Compliance Audit
UPK01 - San Jose, CR, Ultrapark 2 (UPK01)
DXC Technology
DXC Technology helps global companies run their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private and hybrid clouds.
Job Description:
This role will be part of a global team of Security Compliance Audit Coordinators who are responsible for planning, coordinating, facilitating, and providing guidance to DXC account and delivery teams, and/or groups of control owners and subject matter experts responsible for specific operational areas and functions supporting technology systems or tools (collectively referred to herein as “DXC teams”) in scope of System and Organization Controls (SOC) audits and other attest engagements. The Security Compliance Audit Coordinator will plan and coordinate the development and execution of the internal audit plan with respect to appropriate regulatory and assurance compliance audit coverage, interface with and assist external audit teams as needed, and act as a liaison between the DXC teams and the auditing firm, ensuring effective planning, creation of and adherence to timelines, and effective communication and interpretation of SOC audit evidence and issues. Candidates should have a strong background in developing processes, procedures, and methodologies to ensure compliance.
The selected candidate will:
Become familiar with SOC audit and security compliance requirements to effectively communicate DXC security standards and SOC audit requirements (e.g., SSAE 18, ISAE 3000, ISAE 3402) as needed to help DXC teams achieve successful audit outcomes.
Understand in-country regulatory requirements with regard to sharing of data internal and external to DXC.
Develop a compliance verification strategy in collaboration with DXC teams.
Analyze and proactively plan and communicate changes within control environments for the assigned control area(s), to identify, evaluate, and address risks and impact to the SOC audits, DXC teams and internal organizations.
Serve as the primary point of contact for questions related to the assigned control area(s) managed for SOC audits.
Responsibilities include:
Creates and updates audit plans, manages control procedures.
Plans and executes internal information security assessments and audit engagements.
Improves audit experience for DXC teams and customers by providing timely and accurate audit guidance and supporting audit evidence.
Verifies compliance with security policies.
Performs internal risk analysis and creates remediation plans to ensure compliance.
Manages audit activities and understands audit requirements.
Job Requirements, Essential:
Previous auditor experience with an auditing firm is a strong plus.
Experience with emphasis in information technology, information security, regulatory or other compliance management.
Excellent understanding of project management principles.
Experience with risk management techniques.
Knowledge of regulatory and assurance compliance requirements (such as ISO 27001, SSAE 18 (SOC 1 & 2), HIPAA/HITECH, PCI, and/or Data Privacy).
Excellent communication skills; written and verbal.
Team player.
Experience with GRC tools (such as Archer) a plus.
Qualifications:
4-6 years equivalent experience in security, compliance, and data privacy.
Bachelor's or undergraduate degree or equivalent diploma, or combination of education and relevant experience.
Skilled in planning, problem solving, analysis, collaboration, and communication.
Strong organization skills to balance work and execute audit plans for complex systems in a highly matrixed organization.
Proficient with Microsoft Office suite (Word, Excel, PowerPoint) & SharePoint.
Professional certifications such as PMP, CISA, CISM, CISSP, etc. a plus.
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.
Tags: Audits CISA CISM CISSP Compliance HIPAA ISO 27001 Privacy Risk analysis Risk management Security assessment SOC SOC 1 Strategy
Perks/benefits: Career development