Sr. It Compliance Specialist-ind Job in Ingram Micro

Job Description

Job Description for Sr. IS Security SAP Analyst Ingram Micro Inc.

Ingram Micro

JOB DESCRIPTION

JOB TITLE: Sr. IT Compliances Specialist COMPLETED BY: Madhur Sharma

JOB CODE: To be created DATE: 02/05/2020

DEPARTMENT: Global IS GRADE/FLSA: 8

POSITION REPORTS TO: Manager, Compliance

APPROVED BY: Madhur Sharma

JOB TITLES REPORTING TO THIS POSITION: None

I. SUMMARY:

The Sr. IS Compliance Specialist is responsible for performing, or leading, complex and/or significant compliance reviews, within the IT audits including network, internet, applications, telecommunications, security administration, and contingency planning. Assess risks, develops detail audit/compliance programs, execute audit/compliance programs steps, analyses results and effectively communicates results to senior management.

On a primarily independent basis, support global activities as they relate to IS compliance including: Financial Regulations, Statutory Audits, PCI, ISO 27001, customer commitment obligations such as SOC1 and SOC2 attestation, Internal and External Auditor liaison support and management documentation / reporting. This support will be accomplished by reviewing existing processes, identifying improvements activities and recommending control improvements and/or efficiencies.

ESSENTIAL FUNCTIONS:

IS Compliance:

• At least 3- 4 years of industry experience as a PCI QSA and ability to assess complex PCI requirements.
• Plan and conduct complex IS and integrated audit/compliance projects, including preparation of an objective risk-based assessment and an effective audit/compliance approach.
• Leads and/or participates on audit/compliance of applications, IT General Controls, and security of the enterprise.
• Leads and/or participates on audit/compliance activities of various departments for compliance with plans, policies and procedures.
• Manage and Support IT compliance activities for global IS in support of Statutory Audits, PCI, ISO27001 auditing, reporting and remediation where appropriate
• Execute operational activities to support audit and compliance activities including technical validation processes
• Manage quarterly self-assessment of global IS and reporting
• Ensure Global IS compliance to security standards as they relate to SOC1, SOC2 and ISO 27001 requirements
• Execute collection of evidence to support compliance status
• Provide and present reporting including monthly metric delivery
• Manage escalation and enforcement for unresolved noncompliance issues
• Be a liaison for Internet Audit activities, reporting and escalations
• Manage and Support External Audit activities and reporting
• Collect information, manage status of global PCI requirements and status
• Manage response and status to external reporting for financial compliance in relation to PCI
• Work with Information Security staff to ensure tools and reporting mechanisms are satisfactorily meeting Statutory Audits Objectives, PCI, SCO1 and SOC2 objectives
• Support compliance and security validation of all 3rdparty IT providers
• Maintain strong working relationships with internal and external support teams including Global, Regional and Country IS associates
• Support the Financial Compliance team in enforcing controls as required
• Work on special projects as required by management
• Stay abreast of changes within the IS compliance areas including business change requirements and regulatory changes from an international perspective
• Support and enforce Information Security Policy, Standards, and Guidelines for business operations and technology implementations

Process Improvement and Associate Success:

• Perform business processes value-added assessment of internal controls, systems, processes, financial reporting, and identify opportunities for improvement and efficiencies.
• Actively looks for opportunities to develop new ideas to positively impact existing methods, services, or products.
• Targets performance improvements while analyzing systems and processes.
• Understands, analyzes, and documents cost/benefit analysis where appropriate.
• Actively accepts individual and team responsibilities and meet commitments. Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
• Actively mentors and assists other IS personnel on topics related to IS security
• Effectively multi-tasks on multiple assignments and deliverables.
• Takes and exhibits initiative to further develop technical and professional skills, by attending training and/or willingness to learn new systems or technologies in use by the Information Systems department.
• Possesses understanding of Ingram Micros business including knowledge of department names and business processes conducted by each, company global organization, and key customer and vendor segments.

Education and Technical Expertise:

• A Bachelors degree in Computer Science, Engineering, or related Science and Math discipline with an IS or Business emphasis is required.
• 8-10 years or more relative experience in a global information technology environment with a background in auditing and process support
• Strong knowledge in commercial ERP applications including SAP, Oracle
• Information Security background including an understanding of the basic security best practices, standards and methodologies
• IT technical knowledge in support of compliance including Operating System, Database, Networking and Security technologies
• Must possess a valid passport and be legally allowed to leave and return to originating country.
• Ability to formulate detailed technical documentation, remediation requirements
• Strong communication skills for both technical and business level discussions on compliance matters
• Relevant auditing and compliance certification (e.g. CISA) preferred

Behavioral Competencies:

Communication

• &...