Security Compliance Audit

Job Description:

This role will be a part of a global team of Security Compliance Audit Coordinators that are responsible for planning, coordinating, facilitating, and providing guidance to DXC account and delivery teams, and/or groups of control owners and subject matter experts responsible for specific operational areas and functions supporting technology systems or tools (collectively referred to herein as “DXC teams”) in scope of System and Organization Controls (SOC) audits and other attest engagements.  The Security Compliance Audit will plan and coordinate the development and execution of the internal audit plan with respect to appropriate regulatory and assurance compliance audit coverage, interface/assist external audit teams as needed,  act as a liaison between the DXC teams and the auditing firm ensuring effective planning, creation of and adherence to timelines and effective communication and interpretation of SOC audit evidence and issues.  Candidates should have a strong background in developing processes, procedures, and methodologies to ensure compliance.

The selected candidate will: 

Become familiar with SOC audit and security compliance requirements to effectively communicate DXC security standards and SOC audit requirements (e.g., SSAE 18, ISAE 3000, ISAE 3402) as needed to help DXC teams achieve successful audit outcomes. 
Understand in-country regulatory requirements with regards to sharing of data internal and external to DXC. 
Develop a compliance verification strategy in collaboration with DXC teams. 
Analyze and proactively plan and communicate changes within control environments for the assigned control area(s), to identify, evaluate, and address risks and impact to the SOC audits, DXC teams and internal organizations.
Serve as the primary point of contact for questions related to the assigned control area(s) managed for SOC audits.  

Responsibilities include:

Creates and updates audit plans, manages control procedures. 
Plans and executes internal information security assessments and audit engagements. 
Improves audit experience for DXC teams and customers by providing timely and accurate audit guidance and supporting audit evidence.
Verifies compliance with security policies. 
Performs internal risk analysis and creates remediation plans to ensure compliance.
Manages audit activities and understanding audit requirements.

Job Requirements, Essential: 

Previous auditor experience with an auditing firm is a strong plus.
Experience with emphasis in information technology, information security, regulatory or other compliance management. 
Excellent understanding of project management principles. 
Experience with risk management techniques. 
Knowledge of regulatory and assurance compliance requirements (such as ISO 27001, SSAE 18 (SOC 1 & 2), HIPAA/HITECH, PCI, and/or Data Privacy). 
Excellent communication skills; written and verbal. 
Team player.
Experience with GRC tools (such as Archer) a plus.

Qualifications:

4-6 years equivalent experience in security, compliance, and data privacy. 
Bachelors or undergraduate degree or equivalent diploma, or combination of education and relevant experience. 
Skilled in planning, problem solving, analysis, collaboration, and communication. 
Strong organization skills to balance work and execute audit plans for complex systems in a highly matrixed organization.

Proficient with Microsoft Office suite (Word, Excel, PowerPoint) & Share Point. 
Professional certifications such as PMP, CISA, CISM, CISSP, etc. a plus.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.