JAGGAER is seeking a Senior Technology Governance, Risk, and Compliance (GRC) Analyst with experience in the areas highlighted below. This is a unique opportunity to expand your skills and influence a growing Cybersecurity Program. This opportunity provides the ability to work with various teams to evaluate controls, perform control testing to improve the efficiency and effectiveness of the internal controls, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance. You will facilitate control reviews to accommodate new business areas as well as changes in processes. You will assist the technology teams in identifying gaps between policy and process, develop recommendations to remediate control weaknesses, and execute third-party risk management reviews of key third-party service providers to ensure compliance obligations are being met, including monitoring any remediation plans to address their weaknesses. You will also work with the pre-sales and professional services groups as a security SME, responding to customer inquiries and RFPs and building trust with customers.
Principal Responsibilities
The Day to Day:
In support of multiple attestations (ISO 27001, PCI, SSAE 18 SOC 2 Type 2), plan, design and execute controls testing, controls assessment and documentation across all domains for IT General Controls, Payment Card Industry (PCI DSS), Data Privacy, HIPAA and other GRC requirements, as appropriate
Serve as trusted advisor and technology key controls subject matter expert; partner to evaluate the design and effectiveness of the control environment, both operational and technical, to develop trending for remediation efforts and overall compliance with regulatory and operational standards, and to build compliance programs including detailed exception reporting and complex configuration monitoring requirements
Provide direction and guidance in pre-implementation reviews of new systems and services to ensure proper controls are implemented and executed to meet compliance
Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet GRC standards where applicable
Be a trusted advisor for in scope internal and external audits to expedite reviews and mitigate operational impacts
As an integral member of the team, exhibit ownership, follow-through, initiative, awareness and effective communication with peers and management
Engage with the sales process to answer customer questions on the security program
Prepare and provide accurate, timely communications of observations, recommendations and conclusions, and evaluate management remediation action plans
Lead meetings with business partners to define the compliance process, initiate assessments, and articulate results, including remediation plans
Partner to gain consensus on Compliance approaches with a proven ability to effectively communicate remediation and prevention
Technology GRC Methodology:
Ability to understand business requirements, to help design and implement GRC management practices for all supported technology environments
Passionate about continuous improvement and ownership of controls across systems and processes
Consistently shows the ability to mentor others as it relates to JAGGAER's data and processes
Ability to drive compliance and communicate the compliance posture, along with risk exposure, to senior leaders supporting technology infrastructure
Ability to help develop and deliver compliance training and awareness activities with proven results across all domains
Maintain a strong knowledge base and awareness of industry and technology trends and of external regulations for new or changed requirements within technology, and identify industry standards for core processes (e.g., NIST, PCI, ITIL, data privacy)
Position Requirements
Experience with the following required:
Experience in performing risk-based testing for control compliance, including the identification, assessment, and mitigation of compliance issues; understanding how to balance the company's risk appetite against compliance needs and requirements
Must have detailed knowledge of and experience with technology controls across a variety of industry frameworks, and know how to assess controls supporting compliance for SOX, PCI, and Privacy
Developing dynamic approaches to the implementation of a technology compliance program, utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable
Proven ability to independently gather test evidence and translate compliance findings into actions
Able to assess, identify, and document third-party system compliance deficiencies and recommend solutions, including understanding SOC reports
Excellent communication skills, including but not limited to verbal and written communication; delivering organized presentations; tailoring the message to the audience; and facilitating group discussions with diplomacy while seeking diverse opinions
Excellent analytical skills with experience in data analysis to support reporting and testing processes.
Dedication and commitment to world class service and to exceeding customer expectations.
Desire to keep current with technology and emerging technology compliance trends.
Possess strong organization and time management skills.
Demonstrated flexibility in a fast-paced and agile environment.
Education and/or Experience:
Bachelor's degree in Business, Computer Science or Technology, with IT audit or compliance experience
In-depth knowledge of information security and technology compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO 27001/27002, and COBIT
5+ years of working experience with enterprise technology compliance management programs or auditing experience, including controls testing, conducting ITGC and PCI assessments, and leading related project teams as a security subject matter expert in privacy, data security and control issues with technologies such as Cloud, SaaS, Linux, Windows, VMware and Intrusion Prevention
Previous working experience and knowledge in two or more security functions (IT Compliance Assessor, QSA, Security Specialist, IT Auditor)
Possession of one of the following industry certifications required: CISA, CRISC, CIA, CISM, PCI, CISSP
JAGGAER offers equal employment opportunities without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity, national origin, age, disability, genetic information, veteran or military status and other protected class characteristics.