Compliance and Risk Management Analyst 9/16/2016
NTT Data Inc
Description
My customer, an international financial institution located in Washington, DC, has a contract position available for an IT Compliance and Risk Management Analyst.
The ITS Information Security and Risk Management (ITSSR) unit, headed by the Chief Information Security Officer (CISO), is responsible for providing leadership in managing the functions and activities of information security and risk management across the client, enabling the achievement of the client's business objectives. ITSSR enables and facilitates a risk-aware culture, and ensures that client information assets are protected in an effective, efficient, and balanced manner and that IT security and risk management efforts throughout the client are coordinated and aligned to the client's business and IT strategy. ITSSR establishes and maintains the client's IT and information security policies and standards; develops and engineers the client's information security plans and solutions; responds to security incidents; and ensures that information risks are identified, assessed, and managed in a manner consistent with the overall risk management approach and established risk appetite and tolerance. ITSSR consists of the following units: 1) ITS Risk Management and Security Advisory, 2) Compliance, 3) Policy, 4) ITS Security Operations, and 5) Program Management Office (PMO).
Duties and Accountability
* Conduct IT technical and process audits as well as compliance assessments based on COBIT, ISO 27001 & ISO 20000 frameworks.
* Develop test plans and detailed test procedures to assess operating effectiveness of IT technical and process controls.
* Assist in controls implementation including documentation of processes and procedures to address Internal Controls over Financial Reporting (ICFR) requirements for the IT General Computer Controls (ITGC) for Information Security, Change Management and IT Operations areas.
* Assess compliance against technical standards for various platforms and technologies.
* Discuss compliance and audit issues with stakeholders and develop action plans to address them.
* Collect, evaluate, and maintain data to ensure that required management reporting is completed as needed. This also includes inputting appropriate data into GRC tools.
* Assist in monitoring open audit items from audits such as internal audit department (IAD) IT audits, external financial audits on Internal Controls over Financial Reporting (ICFR); and ISO 27001 & ISO 20000 certification audits to ensure execution of remedial activities defined in the agreed action plans and risk treatment plans.
* Perform other duties in the compliance work program as assigned.
* MA/MS in Computer Science, Information Systems or a related technical field, or equivalent combination of education and experience (BS/BA is the minimum education requirement);
* Minimum 5-7 years' experience working in an information security, information technology or compliance related field;
* Demonstrated experience in conducting IT audits;
* Familiarity with and understanding of a broad range of IT hardware and software products;
* Experience in auditing platforms (UNIX, Windows) and databases (Oracle);
* Thorough understanding of industry standards and regulations including COBIT, COSO, and SOX;
* Good knowledge of ISO 27001 & ISO 20000 control frameworks;
* Experience in conducting design and operating effectiveness testing for the ITGCs;
* Knowledge of ERP and financial systems, including but not limited to SAP, PeopleSoft and Summit, and enterprise GRC systems such as BWise and RSAM;
* Possess excellent written and verbal communication skills, presentation, and problem solving skills and be able to interact well with peers and internal customers;
* Possession of industry certifications highly preferred including, but not limited to Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and Information Systems Security Management Professional (ISSMP);
* Ability to work independently and within groups; must be self-motivated and able to work independently with minimal supervision;
* Highest ethical standards.
*benefits are available only to W2 Contractors
Who is NTT Data*
NTT DATA is a leading IT services provider and global innovation partner with 80,000 professionals based in over 40 countries. NTT DATA emphasizes long-term commitment and combines global reach and local intimacy to provide premier professional services, including consulting, application services, business process and IT outsourcing, and cloud-based solutions. We're part of NTT Group, one of the world's largest technology services companies, generating more than $100 billion in annual revenues and partner to 80% of the Fortune 100. Visit www.nttdata.com/americas to learn how our consultants, projects, managed services, and outsourcing engagements deliver value for a wide range of businesses and government agencies.
The Company is an equal opportunity employer and makes employment decisions on the basis of merit and business needs. The Company will consider all qualified applicants for employment without regard to race, color, religious creed, citizenship, national origin, ancestry, age, sex, sexual orientation, genetic information, physical or mental disability, veteran or marital status, or any other class protected by law. To comply with applicable laws ensuring equal employment opportunities to qualified individuals with a disability, the Company will make reasonable accommodations for the known physical or mental limitations of an otherwise qualified individual with a disability who is an applicant or an employee unless undue hardship to the Company would result.