Analyst 4, IT Security
Western DigitalWestern Digital, leaders in digital storage solutions compatible with Mac and PC. FREE shipping, friendly support, and 30-day return policy on storage products.
At Western Digital, our vision is to power global innovation and push the boundaries of technology to make what you thought was once impossible, possible.
At our core, Western Digital is a company of problem solvers. People achieve extraordinary things given the right technology. For decades, we’ve been doing just that. Our technology helped people put a man on the moon.
We are a key partner to some of the largest and highest growth organizations in the world. From energizing the most competitive gaming platforms, to enabling systems to make cities safer and cars smarter and more connected, to powering the data centers behind many of the world’s biggest companies and public cloud, Western Digital is fueling a brighter, smarter future.
Binge-watch any shows, use social media or shop online lately? You’ll find Western Digital supporting the storage infrastructure behind many of these platforms. And, that flash memory card that captures and preserves your most precious moments? That’s us, too.
We offer an expansive portfolio of technologies, storage devices and platforms for business and consumers alike. Our data-centric solutions are comprised of the Western Digital®, G-Technology™, SanDisk® and WD® brands.
Today’s exceptional challenges require your unique skills. It’s You & Western Digital. Together, we’re the next BIG thing in data.
Western Digital is looking for a Global IT SOX and Compliance Senior Analyst. This is an individual contributor role and will focus on the IT SOX audit, PCI compliance, and other areas of compliance related to IT and security. The qualified candidate will have extensive experience and knowledge of IT General Controls, IT Application Controls, PCI Compliance, and will have worked within a large corporation collaborating with IT, the business, and Internal and External Audit teams. The ideal candidate must be familiar with on premise and SaaS based IT platforms, especially ERP, financial, and HR systems. The ideal person will have established and/or maintained the System Development Life Cycle (SDLC), and other key controls as identified by our audit programs.
The Global IT SOX and Compliance Senior Analyst is responsible for the audit processes, managing IT SOX controls and projects that help the business achieve its financial and operational objectives, building and maintaining relationships with the internal and external audit teams, collection of evidence, and remediating exceptions and findings from audits. The role requires the ability to handle multiple concurrent projects using strong analytical skills, flexibility and ingenuity. Strong interpersonal and communication skills (both written and verbal) are required.
- 10+ years of relevant experience in the Information Technology Compliance/Audit/Security fields
- Bachelor's Degree in Information Systems, Cyber Security, Accounting, Finance, Business Administration or related discipline.
- Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments
- Experienced with control frameworks used in IT SOX, COSO, COBIT and how this applies to the achievement of IT SOX objectives - Technology Compliance and Information Security.
- Experience using risk management (GRC) tools such as ServiceNow GRC, RSA Archer, etc.
- Requires technical knowledge of IT controls and PCI compliance.
- Confidence / Willingness to ask questions and raise issues / concerns in a timely manner.
- Must be able to multi-task, work efficiently under tight deadlines and proactively track and report progress.
- A positive, energetic, “do what it takes” attitude that thrives on identifying issues and opportunities - we are looking for people who want to blaze their own trail and own their career.
- Sound professional judgment and business acumen.
- Self-motivated to apply learned experiences and leverage best practices to deliver continuous process improvement.
- Excellent communication skills (interpersonal, intercultural, written and verbal) and superior client relation skills.
- Excellent project and time management skills.
- Adept at navigating unstructured and fast paced work environment.
- Ability to isolate the root cause for control gaps, and able to identify and suggest viable solutions.
- Excellent data analysis skills leveraging Microsoft Office toolset (SQL, Excel, PowerPoint, Word, Visio).
- Big-4 public accounting audit experience is preferred.
- Professional Certification is preferred (CISA, CISSP, SSCP, CPA, or equivalent).
- Define and document the IT general controls for Sarbanes Oxley (SOX) 404 compliance. Partner with third party internal and external auditors to align on the appropriate control set that optimizes the trade-offs between risk and administrative costs.
- Manage internal testing of the IT general controls for SOX, including periodic access reviews, change management, SDLC, and other ongoing security controls.
- Work with IT process owners to identify/improve the documented controls and evidence required for testing key application, security and infrastructure components.
- Manage the preparation, planning and execution of organization wide IT SOX control testing.
- Partner with all levels of IT and business management to ensure that IT SOX testing is conducted in a cooperative, timely and efficient manner with value added reporting and cost-effective recommendations to management to strengthen controls.
- Provide on-going organization wide guidance on IT control requirements and impact.
- Routinely summarize and communicate to affected IT and business management and control owners, control weaknesses identified during testing and share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency while mitigating business risks.
- Review the adequacy of remediation plans in addressing risk and monitor remediation plan execution through the ‘deficiency closed’ phase.
- Ensure IT SOX compliance with corporate reporting submission standards and timelines.
- Prepare reports on findings and recommendations for policy, procedure and internal control improvements.
- Create, direct and/or perform the preparation and execution of security related IT control tests including IT segregation of duties and System and Organization Controls (SOC) Report reviews.
- Provide or assist in preparing and conducting IT focused internal controls and PCI training.
- Perform customary administrative tasks and responsibilities.
- Other assignments or special projects as requested by management.
- Coordinate with internal and external auditors as well as other key stakeholders on the SOX testing plan regarding ongoing testing of controls, and provide support to ensure timely and smooth completion of SOX projects.
- Ensure compliance with PCI-DSS, GDPR and other compliance requirements for IT systems.
Western Digital thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.
Western Digital is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at email@example.com to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Security Analyst jobs
- Open o365 Security Architect jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Security Researcher jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open SOC-related jobs
- Open GCP-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open CISM-related jobs
- Open IAM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs
- Open APIs-related jobs
- Open DoD-related jobs
- Open Splunk-related jobs
- Open EDR-related jobs