Security Consultant-Audit & Compliance

SENIOR CONSULTANT, AUDIT & COMPLIANCE is a global role accountable for supporting all processes and activities that ensure limiting number of audit related findings / non-compliances, including internal/external audits by managing internal audits, penetration tests, and annual assurance reports (currently ISAE 3000, 3402 and SOC2 Type 2

Supporting of a significant amount of internal and external audits (currently around 15).  In some cases, the audits cover the same controls as the assurance audits but with different requests for evidence.

 

Defined Responsibilities:

• Senior Consultant for Audit and Compliance Services provide and coordinate Audit & Compliance related records, backlog, support and/or coordinate internal and external stakeholders.
• Serve as Audit squad representative to relevant meetings as needed.
• Propose and manage control framework elements that aligns with customer requirements
• Proving support and execute annual assurance plans with customer and internal stakeholders and owner for successful delivery of all agreed elements in time and in quality.
• Proactively support a system of internal audits and measurements to provide assurance that all requirements are being met throughout the audit year
• Monitor and follow up relevant Critical Service Levels (CSL), Key Measures (KM), and Key Performance Indicators (KPI) and ensure corrective measures
• Support of the Critical Service Level to clause audit findings in time
• Support of Key Measures for Security Awareness Training
• Coordinate the audit processes such that there is a successful closure of all customers requested audits and the regulatory assurance audits
• Based on empowerment communicate with relevant parties/ stakeholders regarding audit details, schedules, responsibilities, and findings
• Interpret audit requests to service lines resulting in minimal business process interruption within the delivery units.
• Based on empowerment upload internal/external audit results to Jira tool to document remediation activities and give access to internal stakeholders
• Write required sections of draft assurance reports which cannot be delivered by the external auditors
• Escalate activities which require management decision and action

 

 

 

 

1. QUALIFICATIONS (SKILLS, KNOWLEDGE, BEHAVIOR)

 

Education:

• Candidate must have a minimum of a bachelor’s degree in a related field or equivalent work experience
• Professional certification CISA / CISSP required, CISM / CGEIT is a plus.

Experience:

• Experience with complex IT Security audits and/or compliance projects
• Experience with performing compliance audits (e.g. SOx, PCI-DSS, etc.) and managing outcomes

Knowledge:

• Expert knowledge in implementing ISAE 3402, ISAE 3000, SOC1 and SOC2 compliance programs
• Knowledge of IT security environment (e.g. ISO 27002, CoBIT, ITIL etc.)
• Written and oral communication skills (in English)
• Project management skill is a plus
• Knowledge of agile development methodology is a plus
• Knowledge of data privacy regulations, experience with GDPR is a plus

Interpersonal Skills:

• Highly developed organisation and time management skills
• Capable of making and understanding the impact of complex prioritization decisions under pressure
• Give training to new team members

Has energy and drive:

• High performance team player that leads through example and education
• Flexibility with ability to work in a changing environment, especially with virtual teams across organizational and geographical boundaries
• Manage stress and can work under pressure

Learning on the fly:

• Is always searching for new knowledge
• Is flexible and open minded, evaluating new ideas or possibilities in an objective manner

Corporate Commitment:

• Demonstrates evidence for T-Systems Guiding Principles
• Focus on compliance and “no red audit” findings
• Understands the global environment in which we work

Please Note: Fraudulent job postings/job scams are increasingly common. Beware of misleading advertisements and fraudulent communication issuing 'offer letters' on behalf of T-Systems in exchange for a fee. Please look for an authentic T-Systems email id - XYZ@t-systems.com.

Stay vigilant. Protect yourself from recruitment fraud!

To know more please visit : Fraud Alert