jobcategory: IT

The IT Compliance Auditor is primarily
responsible for performing day to day IT compliance audits with a focus on
Sarbanes-Oxley, PCI and other regulatory frameworks. This position reports to the IT Compliance
Manager.

 

This position partners
closely with IT teams, internal and external auditors, and other business partners
to ensure that required IT SOX and IT General Controls are adequately
performed.   

 

 

Responsibilities:

• Assist with remediation of
  control deficiencies and gaps identified during the audit process




• Proactively identify gaps or
  conflicts in existing processes and help develop solutions with the
  stakeholders




• Facilitate third party
  attestations, audits (PCI-DSS, CCPA/GDPR and SOX), and certification
  efforts for the organization




• Assist process/control owners
  with the design/implementation of controls and related documentation
  (e.g., policies, procedures, narratives, and matrices




• Work closely with both
  technology and business process owners to identify, document, and
  implement processes to address areas of key risks




• Ensure that all PCI-DSS, CCPA/GDPR and SOX
  controls are implemented, documented, and monitored through the course of
  the year




• Establish
  processes to support the controls and ensure that control self-assessments
  are conducted promptly with required completeness and accuracy




• Support
  the Risk & Compliance team to implement processes and controls to
  ensure the company’s compliance with other regulatory and industry
  mandates such as GDPR and CCPA




• Participate
  in identifying and validating critical controls to address IT and business
  risks and work with various teams to address identified deficiencies




• Participate
  in audits of third parties such as vendors, services providers, consulting
  organizations, etc.




• Ensure
  that appropriate documentation in the form of policies, standards, and
  procedures is created and managed to support the various security,
  compliance, and audit requirements




• Provide
  guidance and support to IT and business to ensure continued compliance
  with the various mandates




• Endorse
  and support a compliance culture whereby employees are encouraged to seek
  clarifications and support for the company’s compliance initiatives




• Participate
  and provide input to Annual risk assessments, in-scope systems analysis,
  and coordination of the testing approach.




• Participate
  in IT SOX walkthroughs to identify potential changes and control gaps and
  conduct IT SOX controls testing to evaluate the design and operating
  effectiveness of controls in accordance with established procedures.




• Provide
  input to periodic progress reporting including status of overall testing
  progress, open control deficiencies, and assist with escalation when
  deficiencies are not remediated timely.




• Coordinate
  with IT personnel across the organization to implement required controls
  and ensure that process is followed to maintain appropriate evidence as
  required by the specific control.




• Identify
  risk and control gaps and partner with the IT department to ensure
  internal control guidelines exist in ClubCorp systems and applications to
  ensure compliance with IT related audits.




• Responsible
  for working with process owners and external auditors to facilitate the
  execution of management’s annual internal controls assessment in
  accordance with IT related audits




• Responsible
  for tracking and monitoring IT remediation efforts




• Perform or assist with overseeing initial
  and periodic audits/analysis, mitigation, and remediation

 

 

Qualifications

:

– 3-5 years’ experience in an information security compliance, audit, or risk management role with hands-on experience in a multitude of compliance initiatives including but not limited to:
– PCI – DSS

– EU-GDPR, CCPA

– SOX

 

– Experience with developing and implementing automation for controls and compliance is preferred

– Strong analytical and problem-solving skills with the ability to function as a change agent

– Demonstrated experience in working in a high paced multi-tasking environment

– Understanding of security metrics and creation of useful dashboards for management review and consumption

 

Knowledge/Skills/Abilities:

– Attention to detail and strong communication, analytical and decision-making skills are must 

– Experience in implementing and utilizing compliance frameworks such as COBIT, PCI – DSS and ISO 27001, etc.

– Thorough understanding of SOX, GDPR, and the California Consumer Privacy Act (CCPA)

– Familiarity with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption, and key management, logging and monitoring and application security

– Familiarity with cloud-based environments and technologies with associated auditing methodologies

– Excellent documentation and communication skills

– Prior experience as a Big4 auditor preferred