IT SOX and Compliance Analyst

Company Description

At Western Digital, our vision is to power global innovation and push the boundaries of technology to make what you thought was once impossible, possible.

At our core, Western Digital is a company of problem solvers. People achieve extraordinary things given the right technology. For decades, we’ve been doing just that. Our technology helped people put a man on the moon.

We are a key partner to some of the largest and highest growth organizations in the world. From energizing the most competitive gaming platforms, to enabling systems to make cities safer and cars smarter and more connected, to powering the data centers behind many of the world’s biggest companies and public cloud, Western Digital is fueling a brighter, smarter future.

Binge-watch any shows, use social media or shop online lately? You’ll find Western Digital supporting the storage infrastructure behind many of these platforms. And, that flash memory card that captures and preserves your most precious moments? That’s us, too.

We offer an expansive portfolio of technologies, storage devices and platforms for business and consumers alike. Our data-centric solutions are comprised of the Western Digital®, G-Technology™, SanDisk® and WD® brands.

Today’s exceptional challenges require your unique skills. It’s You & Western Digital. Together, we’re the next BIG thing in data.

Job Description

Western Digital is looking for an IT SOX and Compliance Analyst.  This role will focus on the SOX audit, PCI compliance, and other areas of compliance related to IT and security.  The qualified candidate will have extensive experience and knowledge of IT General Controls, IT Application Controls, PCI Compliance, and will have worked within a large corporation collaborating with IT, the business, and Internal and External Audit teams.  The ideal candidate must be familiar with on premise and SAAS based IT platforms, especially ERP, financial, and HR systems.  The ideal person will have setup or maintained the SDLC, and other key controls as identified by our audit programs.  

The IT SOX and Compliance Analyst is responsible for the audit processes, managing IT SOX controls and projects that help the business achieve its financial, operational objectives, building and maintaining relationships with the internal and external audit teams, collection of evidence, and remediating exceptions and findings from audits. The role requires the ability to handle multiple concurrent projects using strong analytical skills, flexibility and ingenuity.  Strong interpersonal and communication skills (both written and verbal).

Qualifications

• 5+ years of relevant experience in the Information Compliance/Audit/Security fields
• Bachelor's Degree in Computer Science, Engineering, Information Systems, Cyber Security, Accounting, Finance, Business Administration or related discipline 
• Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments 
• Experienced with control frameworks used in IT SOX, COSO, COBIT and how this applies to the achievement of IT SOX objectives - Technology Compliance and Information Security.
• Experience using risk management (GRC) tools such as ServiceNow GRC, RSA Archer, etc.
• Requires technical knowledge of IT controls and PCI compliance
• Excellent written and verbal communication skills to “engage in the conversation” 
• Confidence / willingness to ask questions and raise issues / concerns in a timely manner 
• Must be able to multi-task, work efficiently under tight deadlines and proactively track and report progress 
• A positive, energetic, “do what it takes” attitude that thrives on identifying issues and opportunities - we are looking for people who want to blaze their own trail and own their career 
• Sound professional judgment and business acumen 
• Self-motivated to apply learned experiences and leverage best practices 
• Excellent communication skills (interpersonal, intercultural, written and verbal) and superior client relation skills 
• Adept at navigating unstructured and fast paced work environment 
• Professional Certification is preferred (CISA, CISSP, SSCP, CPA, or equivalent)

Additional Information

• Work with IT process owners to identify/improve and document detailed controls for key application, security and infrastructure components
• Manage the preparation, planning and execution of organization wide IT Sarbanes Oxley (SOX) control tests
• Partner with all levels of IT and business management to ensure that SOX testing is conducted in a cooperative, timely and efficient manner with value added reporting and cost-effective recommendations being provided to management to strengthen controls
• Provide on-going organization wide guidance on IT control requirements and impact
• Routinely summarize and communicate to affected IT and business management and control owners, control weaknesses identified during testing and share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency while mitigating business risks
• Review the adequacy of remediation plans in addressing risk and monitor remediation plan execution through the ‘deficiency closed’ phase
• Ensure IT SOX compliance with corporate reporting submission standards and timelines
• Prepare reports on findings and recommendations for policy, procedure and internal control improvements
• Create, direct and/or perform the preparation and execution of security related IT control tests including IT segregation of duties reviews
• Provide or assist in preparing and conducting IT focused internal controls training
• Perform customary administrative tasks and responsibilities
• Other assignments or special projects as requested by management
• Coordinate with internal and external auditors as well as other key stakeholders on the SOX testing plan regarding ongoing testing of controls, and provide support to ensure timely and smooth completion of SOX projects 
• Ensure compliance with GDPR and other compliance requirements for IT systems

Western Digital is committed to providing equal opportunities to all applicants and employees and will not discriminate based on their race, color, ancestry, religion (including religious dress and grooming standards), sex (including pregnancy, childbirth or related medical conditions, breastfeeding or related medical conditions), gender (including a person’s gender identity, gender expression, and gender-related appearance and behavior, whether or not stereotypically associated with the person’s assigned sex at birth), age, national origin, sexual orientation, medical condition, marital status (including domestic partnership status), physical disability, mental disability, medical condition, genetic information, protected medical and family care leave, Civil Air Patrol status, military and veteran status, or other legally protected characteristics. We also prohibit harassment of any individual on any of the characteristics listed above. Our non-discrimination policy applies to all aspects of employment. We comply with the laws and regulations set forth in the Equal Employment Opportunity is the Law poster.

Western Digital thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

Western Digital is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at jobs.accommodations@wdc.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

#LI-RG1