Senior Governance, Risk, Compliance - Audit (GRC-A) Security Advisor

At SAS, where you start doesn’t have to be where you end; and there is ample opportunity for internal career mobility. Whether you’re looking to grow a new skill or experience a new role, there’s no time like the present to take the next step; and we’re here to support you in your journey.

We’re looking for a Governance, Risk, Compliance – Audit Security Advisor to join our team in Australia, specifically focused on Compliance in Government.  The role will assess information security and cybersecurity risk, facilitate compliance with regulatory requirements and information security policies, execute assurance testing to required performance standards, and develop and report information security metrics.  They are responsible for lowering information security and cybersecurity risk to SAS, partnering with other teams across the enterprise.

Your responsibilities may include:

• While remaining updated of compliance and security regulations and standards within regulated markets for ex: IRAP, ISMAP, ISAE 3000, and/or ISO 27001), provide advisory services to the business, including recommendations for assurance and application of SAS security policies for SAS Cloud, on-premises projects, and country or regional offices.
• Review SAS Cloud or on-premises security contract terms, respond to RFP and security questionnaires, and support information security-related discussions with customer security teams and auditors during negotiations and post-sale operational activities.
• Facilitate and ensure continuous monitoring activities are operating effectively, identifying control gaps and deficiencies and reporting to management, as applicable.
• Assist in the development System Security Plans, Plans of Actions and Milestones, Continuous Monitoring Plans, and Incident Response Plans in collaboration with other teams.
• Conduct scheduled and ad hoc reviews of applicable SAS Cloud solution environments, including the support and management of external assessor activities related to certifications and customer contractual requirements.
• Research and contribute to information security polices and standards, with the objective of continually maturing operations, while meeting regulatory and compliance obligations.
• Participate in security investigations and compliance reviews, as required by contract or regulation.
• Identify and recommend cost effective improvements to security practices while maintaining compliance to required standards and regulations.
• Use the GRC tool to create and manage continuous monitoring indicators, build reporting dashboards, document electronic work papers, and manage audit documentation.
• Identify risk issues and work in collaboration with other teams across the enterprise to remediate.

Other knowledge, skills, and abilities

• Maintain an ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity.
• Strong time management skills (schedules, prioritization).
• Excellent communication, analysis, and process flow skills.
• Ability to be flexible, display tact and diplomacy, and maintain confidentiality and integrity.
• Must have the ability to work with little supervision, escalating issues, as appropriate.
• Perform other duties, as assigned.
• Travel as business requirements dictate at management discretion.

Qualifications

• Bachelor's degree in Business, IT, Computer Science, Project Management  or related  field
• 5-8+ years of functional experience in project management, management consulting, IT, audit/compliance or related field.
• Experience in a regulated (pharmaceutical, banking, insurance, government) industry (may be concurrent with the above functional experience).
• Understanding of regulatory standards (ex: IRAP, PMDA, PCI, NIST 800-53).
• Knowledge and experience with best practices/standards (ex: COBIT, GAMP5, ISO 27000 or 42000). 
• Must be an Australian citizen
• Successful applicants will be required to complete a background check (including criminal history check) prior to commencement of employment.

Nice to Haves

• Use and/or implementation of a GRC tool (ex: ServiceNow, Archer, Teammate, Thompson Reuters)
• Management consulting experience
• Experience with ServiceNow issue management ticketing system
• Auditor or security certification (ex: CISA, IIA, CISSP) and/or training
• SAS software implementation experience or IT hosting experience

Diverse and Inclusive

At SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.

#SAS

#LI-IL1