ADP is hiring a Security Audit Management Sr. Analyst
Regulatory compliance is a critical component of ADP's security program. In this role, and as a critical member of the Global Security Organization for ADP, you will be responsible for the collection, review, and sharing of security control evidence, as well as understanding information security regulations and frameworks and guiding business unit associates in their information security compliance efforts.
You will coordinate with internal and external auditors and partner with talented security and business practitioners globally to gather and provide compliance evidence on time.
You will coordinate the security audit program using your technical expertise and background to provide advice and direction to security stakeholders and auditors.
This includes managing requests, monitoring compliance updates (e.g., to regulations and frameworks), responding to findings, and reporting compliance results to senior management.
To thrive in this career, you’ll need to be able to leverage industry-accepted security frameworks, standards, and regulations, such as ISO 27001, NIST Cybersecurity Framework, NIST 800-53, NYDFS NYCRR 500, PCI, etc.
You will interact in a professional manner and develop relationships with individuals and teams at any level. Strong communication skills, attention to detail, and problem-solving abilities are essential to success.
WHAT YOU'LL DO:
- Compliance Monitoring. You will monitor relevant information security regulations, frameworks, and standards and communicate updates to the business. Your role requires a strong understanding of the compliance requirements so guidance can be provided to the business when necessary. You will be required to apply your knowledge of the compliance requirements and business controls to escalate compliance concerns.
- Evidence Requests. You will coordinate with internal and external auditors, gathering evidence requests and communicating the requests to the control owners. You will be required to monitor request completion and perform follow-ups. All requests will be reviewed for adequacy before being provided to internal and external auditors. This role will be responsible for building and maintaining an evidence repository that will be used to satisfy audit requests.
- Compliance Assessment. You will be responsible for assessing compliance with requirements and documenting compliance gaps as findings. Follow-up will be performed to track remediation through to completion.
- Finding Remediation. You will manage the finding remediation process, including:
  - Drafting and/or editing wording.
  - Monitoring and driving completion.
  - Reporting status to senior management.
- Security Audit Governance. You will be responsible for maintaining oversight of all compliance assessments and audits that the Global Security Organization is subject to, performs, and/or supports. You will have the opportunity to improve the governance process and develop internal tools that will allow for improved connections in our governance, risk, and compliance program.
In this role, you will be looked at as the security compliance expert. As such, you will regularly receive inquiries about security compliance requirements from associates looking for guidance.
TO SUCCEED IN THIS ROLE:
- A bachelor’s degree or equivalent. A degree in information systems, computer science, or other related technology fields is great but not required.
- We are looking for 3+ years of experience in performing security audits/assessments or in performing governance, risk, and compliance activities (e.g., control testing, risk assessment, etc.).
- Attention to Detail. Your ability to understand security practices, determine how they will affect compliance with regulations and frameworks, and how they apply at ADP will be necessary to drive security compliance.
- See the Big Picture. Your ability to consume technical requirements and use your knowledge and expertise to understand how they fit into the broader compliance landscape will be necessary to guide the control owners and promote clarity.
- Communicate Effectively. Your ability to understand security risks and frameworks/regulations and communicate to stakeholders how to effectively comply with the requirements will be necessary to drive the security audit program. There will be times when you will need to translate information between multiple groups to ensure alignment.
- Highly organized and time efficient. You will be working on multiple projects at a time and will be expected to drive each project to completion in line with target dates. Your ability to stay organized, work efficiently, and report on progress will be necessary to be effective in this role.
- One or more industry certifications, such as the CISSP, CRISC, CISM, CISA, GCIA, GSEC, or related certifications, are strongly preferred.