Sr. IT SOX and Compliance Analyst

Company Description

At Western Digital, our vision is to power global innovation and push the boundaries of technology to make what you thought was once impossible, possible.

At our core, Western Digital is a company of problem solvers. People achieve extraordinary things given the right technology. For decades, we’ve been doing just that. Our technology helped people put a man on the moon.

We are a key partner to some of the largest and highest growth organizations in the world. From energizing the most competitive gaming platforms, to enabling systems to make cities safer and cars smarter and more connected, to powering the data centers behind many of the world’s biggest companies and public cloud, Western Digital is fueling a brighter, smarter future.

Binge-watch any shows, use social media or shop online lately? You’ll find Western Digital supporting the storage infrastructure behind many of these platforms. And, that flash memory card that captures and preserves your most precious moments? That’s us, too.

We offer an expansive portfolio of technologies, storage devices and platforms for business and consumers alike. Our data-centric solutions are comprised of the Western Digital®, G-Technology™, SanDisk® and WD® brands.

Today’s exceptional challenges require your unique skills. It’s You & Western Digital. Together, we’re the next BIG thing in data.

Job Description

Western Digital is looking for a Sr. Analyst IT Compliance.  This role will focus on the SOX audit, PCI compliance, and other areas of compliance related to IT and security.  The qualified candidate will have extensive experience and knowledge of IT General Controls, IT Application Controls, PCI Compliance, and will have worked within a large corporation collaborating with IT, the business, and Internal and External Audit teams.  The ideal candidate must be familiar with on premise and SAAS based IT platforms, especially ERP, financial, and HR systems.  The ideal person will have setup or maintained the SDLC, and other key controls as identified by our audit programs. 

The IT Compliance Analyst is responsible for the audit processes, managing IT SOX controls and projects that help the business achieve its financial, operational objectives, building and maintaining relationships with the internal and external audit teams, collection of evidence, and remediating exceptions and findings from audits. The role requires the ability to handle multiple concurrent projects using strong analytical skills, flexibility and ingenuity.  Strong interpersonal and communication skills (both written and verbal).

Responsibilities  

• Define and document the IT general controls for Sarbanes Oxley (SOX) 404 compliance. Partner with third party internal and external auditors to align on the appropriate control set that optimizes the trade-offs between risk and administrative costs.
• Manage internal testing of the IT general controls for SOX, including periodic access reviews, CAB management, System Development Lifecycle audit, and other ongoing security controls.
• Work with IT process owners to identify/improve and document detailed controls for key application, security and infrastructure components
• Manage the preparation, planning and execution of organization wide IT SOX control tests
• Partner with all levels of IT and business management to ensure that SOX testing is conducted in a cooperative, timely and efficient manner with value added reporting and cost-effective recommendations being provided to management to strengthen controls
• Provide on-going organization wide guidance on IT control requirements and impact
• Routinely summarize and communicate to affected IT and business management and control owners, control weaknesses identified during testing and share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency while mitigating business risks
• Review the adequacy of remediation plans in addressing risk and monitor remediation plan execution through the ‘deficiency closed’ phase
• Ensure IT SOX compliance with corporate reporting submission standards and timelines
• Prepare reports on findings and recommendations for policy, procedure and internal control improvements
• Create, direct and/or perform the preparation and execution of security related IT control tests including IT segregation of duties reviews
• Provide or assist in preparing and conducting IT focused internal controls training
• Perform customary administrative tasks and responsibilities
• Other assignments or special projects as requested by management
• Coordinate with internal and external auditors as well as other key stakeholders on the SOX testing plan regarding ongoing testing of controls, and provide support to ensure timely and smooth completion of SOX projects 

Ensure compliance with PCI-Compliance, GDPR and other compliance requirements for IT systems 

Qualifications

• 8+ years of relevant experience in the Information Technology Compliance/Audit/Security fields
• Bachelor's Degree in Information Systems, Cyber Security, Accounting, Finance, Business Administration or related discipline 
• Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments 
• Experienced with control frameworks used in IT SOX, COSO, COBIT and how this applies to the achievement of IT SOX objectives - Technology Compliance and Information Security.
• Experience using risk management (GRC) tools such as ServiceNow GRC, RSA Archer, etc.
• Requires technical knowledge of IT controls and PCI compliance
• Confidence / willingness to ask questions and raise issues / concerns in a timely manner 
• Must be able to multi-task, work efficiently under tight deadlines and proactively track and report progress 
• A positive, energetic, “do what it takes” attitude that thrives on identifying issues and opportunities - we are looking for people who want to blaze their own trail and own their career 
• Sound professional judgment and business acumen 
• Self-motivated to apply learned experiences and leverage best practices to deliver continuous process improvement
• Excellent communication skills (interpersonal, intercultural, written and verbal) and superior client relation skills 
• Adept at navigating unstructured and fast paced work environment 
• Ability to isolate the root cause for control gaps, and able to identify and suggest viable solutions.
• Excellent data analysis skills leveraging Microsoft Office toolset (SQL, Excel, PowerPoint, Word, Visio)
• Big-4 public accounting audit experience is preferred but not required
• Professional Certification is preferred (CISA, CISSP, SSCP, CPA, or equivalent)

Logistics

• Primary work in an assigned office and/or home office environment.
• Being flexible and accommodating when working with people from different time zones across the world

Additional Information

Western Digital is committed to providing equal opportunities to all applicants and employees and will not discriminate based on their race, color, ancestry, religion (including religious dress and grooming standards), sex (including pregnancy, childbirth or related medical conditions, breastfeeding or related medical conditions), gender (including a person’s gender identity, gender expression, and gender-related appearance and behavior, whether or not stereotypically associated with the person’s assigned sex at birth), age, national origin, sexual orientation, medical condition, marital status (including domestic partnership status), physical disability, mental disability, medical condition, genetic information, protected medical and family care leave, Civil Air Patrol status, military and veteran status, or other legally protected characteristics. We also prohibit harassment of any individual on any of the characteristics listed above. Our non-discrimination policy applies to all aspects of employment. We comply with the laws and regulations set forth in the Equal Employment Opportunity is the Law poster.

Western Digital thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

Western Digital is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at jobs.accommodations@wdc.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

#LI-RG1

Compensation & Benefits Details

• An employee’s pay position within the salary range may be based on several factors including but not limited to (1) relevant education; qualifications; certifications; and experience; (2) skills, ability, knowledge of the job; (3) performance, contribution and results; (4) geographic location; (5) shift; (6) internal and external equity; and (7) business and organizational needs.
• The salary range is what we believe to be the range of possible compensation for this role at the time of this posting.  We may ultimately pay more or less than the posted range and this range is only applicable for jobs to be performed in California, Colorado, New York or remote jobs that can be performed in California, Colorado and New York.  This range may be modified in the future.
• You will be eligible to participate in Western Digital’s Short-Term Incentive (STI) Plan, which provides incentive awards based on Company and individual performance.  Depending on your role and your performance, you may be eligible to participate in our annual Long-Term Incentive (LTI) program, which consists of restricted stock units (RSUs) or cash equivalents, pursuant to the terms of the LTI plan. Please note that not all roles are eligible to participate in the LTI program, and not all roles are eligible for equity under the LTI plan. RSU awards are also available to eligible new hires, subject to Western Digital’s Standard Terms and Conditions for Restricted Stock Unit Awards.
• We offer a comprehensive package of benefits including paid vacation time; paid sick leave; medical/dental/vision insurance; life, accident and disability insurance; tax-advantaged flexible spending and health savings accounts; employee assistance program; other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity; tuition reimbursement; transit; the Virgin Pulse Program; the Applause Program, employee stock purchase plan, and the Western Digital Savings 401(k) Plan.
• Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.