Senior IT Compliance Analyst
Irvine, CA, United States
Applications have closed
Western Digital
Western Digital, leaders in digital storage solutions compatible with Mac and PC. FREE shipping, friendly support, and 30-day return policy on storage products.Company Description
Western Digital®
We deliver the possibilities of data. YOU define what’s possible.
We are looking for somebody to join our world class team that is focused on enabling the business securely!
Our Information Security Organization is looking for an Identity and Governance Administration (IGA) expert within depth experience in managing the full lifecycle of identities and related user accounts, clearly recognizes the value of access governance and compliance while making use cases easier with technologies such as user access certification and single sign-on. We are continuing to implement a cutting-edge IT environment and looking for somebody with a passion for security who has the technical expertise in various IGA and GRC systems.
Company Information
Western Digital® is a fortune 200 company consisting of 67,000 people worldwide working to enable you to store, collect, access, and use a vast and growing body of digital information. Our reliable hard drives, solid state drives, and memory, marketed under the WD, HGST, and SanDisk brands, are everywhere that digital information and content is found in the cloud, supporting your mobile digital lifestyle; in business and personal computers; in external storage devices; and in the digital video recorder in your home. We also make media players that enable you to enjoy your digital content on the biggest screen in your house – your TV. Our customers range from some of the largest companies in the world to individual users like you.
We believe in the Power of We to encourage all employees to Think Big, Make it Happen, and Do it Together!
Job Description
Role
Western Digital is looking for a Sr. Analyst IT Compliance. This role will focus on the SOX audit, PCI compliance, and other areas of compliance related to IT and security. The qualified candidate will have extensive experience and knowledge of IT General Controls, IT Application Controls, PCI Compliance, and will have worked within a large corporation collaborating with IT, the business, and Internal and External Audit teams. The ideal candidate must be familiar with on premise and SAAS based IT platforms, especially ERP, financial, and HR systems. The ideal person will have setup or maintained the SDLC, and other key controls as identified by our audit programs.
The IT Compliance Analyst is responsible for the audit processes, managing IT SOX controls and projects that help the business achieve its financial, operational objectives, building and maintaining relationships with the internal and external audit teams, collection of evidence, and remediating exceptions and findings from audits. The role requires the ability to handle multiple concurrent projects using strong analytical skills, flexibility and ingenuity. Strong interpersonal and communication skills (both written and verbal).
Responsibilities
- Define and document the IT general controls for Sarbanes Oxley (SOX) 404 compliance. Partner with third party internal and external auditors to align on the appropriate control set that optimizes the trade-offs between risk and administrative costs.
- Manage internal testing of the IT general controls for SOX, including periodic access reviews, CAB management, System Development Lifecycle audit, and other ongoing security controls.
- Work with IT process owners to identify/improve and document detailed controls for key application, security and infrastructure components
- Manage the preparation, planning and execution of organization wide IT SOX control tests
- Partner with all levels of IT and business management to ensure that SOX testing is conducted in a cooperative, timely and efficient manner with value added reporting and cost-effective recommendations being provided to management to strengthen controls
- Provide on-going organization wide guidance on IT control requirements and impact
- Routinely summarize and communicate to affected IT and business management and control owners, control weaknesses identified during testing and share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency while mitigating business risks
- Review the adequacy of remediation plans in addressing risk and monitor remediation plan execution through the ‘deficiency closed’ phase
- Ensure IT SOX compliance with corporate reporting submission standards and timelines
- Prepare reports on findings and recommendations for policy, procedure and internal control improvements
- Create, direct and/or perform the preparation and execution of security related IT control tests including IT segregation of duties reviews
- Provide or assist in preparing and conducting IT focused internal controls training
- Perform customary administrative tasks and responsibilities
- Other assignments or special projects as requested by management
- Coordinate with internal and external auditors as well as other key stakeholders on the SOX testing plan regarding ongoing testing of controls, and provide support to ensure timely and smooth completion of SOX projects
Ensure compliance with PCI-Compliance, GDPR and other compliance requirements for IT systems
Qualifications
Skills & Qualifications
- 8+ years of relevant experience in the Information Technology Compliance/Audit/Security fields
- Bachelor's Degree in Information Systems, Cyber Security, Accounting, Finance, Business Administration or related discipline
- Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments
- Experienced with control frameworks used in IT SOX, COSO, COBIT and how this applies to the achievement of IT SOX objectives - Technology Compliance and Information Security.
- Experience using risk management (GRC) tools such as ServiceNow GRC, RSA Archer, etc.
- Requires technical knowledge of IT controls and PCI compliance
- Confidence / willingness to ask questions and raise issues / concerns in a timely manner
- Must be able to multi-task, work efficiently under tight deadlines and proactively track and report progress
- A positive, energetic, “do what it takes” attitude that thrives on identifying issues and opportunities - we are looking for people who want to blaze their own trail and own their career
- Sound professional judgment and business acumen
- Self-motivated to apply learned experiences and leverage best practices to deliver continuous process improvement
- Excellent communication skills (interpersonal, intercultural, written and verbal) and superior client relation skills
- Adept at navigating unstructured and fast paced work environment
- Ability to isolate the root cause for control gaps, and able to identify and suggest viable solutions.
- Excellent data analysis skills leveraging Microsoft Office toolset (SQL, Excel, PowerPoint, Word, Visio)
- Big-4 public accounting audit experience is preferred but not required
- Professional Certification is preferred (CISA, CISSP, SSCP, CPA, or equivalent)
Additional Information
Logistics
- Primary work in an assigned office and/or home office environment.
- Willing to be 24 x 7 on call.
- Willing to perform work function cross time zone to support US coverage needs.
#LI-RG1
Compensation & Benefits Details
- An employee’s pay position within the salary range may be based on several factors including but not limited to (1) relevant education; qualifications; certifications; and experience; (2) skills, ability, knowledge of the job; (3) performance, contribution and results; (4) geographic location; (5) shift; (6) internal and external equity; and (7) business and organizational needs.
- The salary range is what we believe to be the range of possible compensation for this role at the time of this posting. We may ultimately pay more or less than the posted range and this range is only applicable for jobs to be performed in Colorado or remote jobs that can be performed in Colorado. This range may be modified in the future.
- You will be eligible to participate in Western Digital’s Short-Term Incentive (STI) Plan, which provides incentive awards based on Company and individual performance. Depending on your role and your performance, you may be eligible to participate in our annual Long-Term Incentive (LTI) program, which consists of restricted stock units (RSUs) or cash equivalents, pursuant to the terms of the LTI plan. Please note that not all roles are eligible to participate in the LTI program, and not all roles are eligible for equity under the LTI plan. RSU awards are also available to eligible new hires, subject to Western Digital’s Standard Terms and Conditions for Restricted Stock Unit Awards.
- We offer a comprehensive package of benefits including paid vacation time; paid sick leave; medical/dental/vision insurance; life, accident and disability insurance; tax-advantaged flexible spending and health savings accounts; employee assistance program; other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity; tuition reimbursement; transit; the Virgin Pulse Program; the Applause Program, employee stock purchase plan, and the Western Digital Savings 401(k) Plan.
- Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.
Tags: Audits CISA CISSP Cloud COBIT Compliance ERP Finance GDPR Governance Risk management RSA SaaS SDLC SQL SSCP
Perks/benefits: Career development Equity Flex hours Flex vacation Gear Health care Home office stipend Insurance Medical leave Salary bonus Signing bonus Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Application security-related jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open DevSecOps-related jobs