Sr. Governance Risk & Compliance Auditor
Location: Salt Lake City, UT
We are looking for a detail-oriented and hands-on Senior Governance, Risk, and Compliance Auditor who will be responsible for helping to maintain and improve our organization's compliance program, including our security auditing requirements (e.g., AICPA SOC 2, ISO 27001, PCI-DSS, FedRAMP, GDPR, CCPA, HITRUST). In this role, you will also be responsible for leading activities such as compliance framework management, auditing project management, customer security questionnaires, vendor security reviews, auditing framework control mapping, and quarterly access reviews. You will help collect audit evidence, participate in audits, help implement security controls, draft and maintain compliance policy documentation, and collect security-related metrics to enhance auditing programs. You will be joining an experienced team of information security professionals with a strong commitment to teamwork.
Major Functions/Responsibility
Lead various governance, risk & compliance projects end to end, from design phase to closure phase. Perform continuous monitoring.
Develop project timeline, roadmap and list of required tasks for various teams. Be the security SME for driving compliance efforts & initiatives.
Work closely with product, regulatory, privacy, security, engineering, operations, sales, and marketing to develop strategy for various market segments, including government and similar verticals in the US and abroad.
Perform planning, scoping, and execution, liaise with auditors, and manage compliance & security audits.
Manage the collection of compliance-related security metrics.
Work with other teams such as Legal, Engineering, IT, Finance, and HR to ensure compliance across the organization.
Perform deep analysis of systems to understand limitations and weaknesses to identify cybersecurity challenges.
Stay current on industry developments to identify emerging security technologies, risks and trends to ensure our systems keep pace with security technology and risk landscape evolution.
Identify opportunities for efficiencies, as well as for improvements in security controls while leading the design and implementation of related improvements.
Demonstrate technical project management skills and the ability to organize and track your own work and the work of others.
Maintain the highest level of personal certification, integrity and objectivity, following the company Code of Ethics and NICE inContact policies and procedures.
Required Education, Experience, and Specific Job-Related Skills
Education Requirement:
Bachelor's degree in Business, Information Systems, Information Security or related field or equivalent work experience required.
Experience Requirement:
6+ years of audit experience, project management, or similar.
Proficiency in computer skills such as word processing, Excel and other business software to prepare reports, memos, summaries and analysis.
Excellent people-interaction skills and the ability to interpret operational processes into financial terms.
Ability to work under time constraints and deadlines.
Ability to work with various departments and levels of management, taking and following directions and carrying out tasks and assignments in a timely manner with a positive attitude.
Advance planning and project management skills. Ability to meet multiple deadlines.
Knowledge of internal control concepts and related test of control techniques. Includes financial and operational controls at the entity and transaction/activity levels, as well as knowledge of a major recognized control framework.
Experience Preferred:
CISA, CISM, and CISSP certifications are a plus.
AWS experience is a plus.
ISO 27001, GDPR/CCPA, PCI-DSS, HITRUST, and SOC 2 experience is a plus.
Considerable knowledge of and skill in applying auditing principles and practices, including but not limited to the following:
Process-level audit risk assessment and planning, process and control evaluation, development and implementation of audit programs involving tests of internal controls, substantive testing and appropriate sampling techniques.
ABOUT NICE inContact: NICE inContact makes it easy and affordable for organizations around the globe to provide exceptional customer experiences while meeting key business metrics. NICE inContact provides the world's No. 1 cloud customer experience platform, NICE inContact CXone™, combining best-in-class Omnichannel Routing, Workforce Optimization, Analytics, Automation and Artificial Intelligence on an Open Cloud Foundation. NICE inContact is a part of NICE (Nasdaq: NICE), the worldwide leading provider of both cloud and on-premises enterprise software solutions.