Job Description:

POSITION DESCRIPTION                                                                   

TITLE: Sr IT Compliance Analyst – Global IT Compliance

MAJOR OPERATING UNIT: Global Technology Strategy and Transformation Office      

DEPARTMENT: Global IT Governance, Risk & Compliance                                                    

GRADE:  25 - 26

Job Code:                                                                                           

KEY OBJECTIVE

The objective of this position is to evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.  The position will direct the execution of an annual SOX attestation, customer-driven audits, and other regulatory audits performed by external auditors. Audits cover areas such as information security, computer operations, application development, operating systems, databases, network access, change management, user administration and segregation of duties.  The position also assists IT control owners with control design, standards and opportunities for efficiencies as it relates to CHUBB’s Global IT Compliance Program and SOX 404 requirements. The position will facilitate and manage audit plans, resource planning, risk assessments, and report preparations. The position will have direct contact with key external customers and respond independently to customer inquiries about the adequacy of our internal controls. This role will proactively identify control gaps in advance of auditors and facilitate the development and implementation of remediation actions based on practical solutions and sound risk management. This position reports to the IT Compliance Manager.

MAJOR DUTIES & RESPONSIBILITIES

• Strategically manage special projects and initiatives to identify, implement and monitor process improvement opportunities.


• Provide subject matter expertise and consultative support to the IT community pertaining to control documentation, testing, audit standards and Sarbanes Oxley requirements.


• Identify and recommend opportunities to improve the effectiveness and efficiencies of compliance activities and IT key controls.


• Participate in audit closing meetings to discuss audit issues, improvement opportunities and control deficiency resolutions.


• Guide management in the creation of management action plans that resulted from an audit.


• Track remediation plans to ensure IT Management is on track for any audit remediation commitments and are addressed timely


• Clearly communicate IT control issues formally and informally to all levels of management.


• Evaluate and recommend opportunities to maximize the efficiency and effectiveness of audit activities.


• 
  Facilitate risk and financial impact assessments over audit related deficiencies.


• Perform quality control assessment over testing performed by IT management.


• Perform and facilitate periodic SOX control executions on behalf of IT management.


• Represent CHUBB IT on compliance related matters with business customers, vendors, and auditors


• Participates in other special projects as required, including IT compliance initiatives, risk assessments, policy development and compliance with SOX 404.


• Support the annual SSAE18 (SOC-1 & SOC-2) certification to ensure management achieves desired results


• Support and collaborate with IT compliance and information security staff to enhance CHUBB’s control and security policies within the US and globally.

MINIMUM REQUIREMENTS

• Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently


• Demonstrates sense of urgency and a high-degree of initiative and professional judgment


• Responsibilities require strong collaboration with the ability to influence and affect change, in support of key objectives, across IT leads, internal and external auditors, and business management.


• 2-5 years of IT auditing or IT risk management experience leveraging the COBIT and NIST framework


• In-depth understanding of Sarbanes-Oxley section 404, SSAE18(SOC-1 and SOC-2) and ISO standards


• General knowledge of IT operating environments to include mainframe, Windows and UNIX platforms


• Understanding of business practices pertaining to access administration & security, SDLC, IT operations, and application automated processes.


• Strong results orientation and customer service driven


• Perform without constant management oversight and produce result 


• Demonstrates sense of urgency and a high-degree of initiative and professional judgment

DESIRED QUALIFICATIONS

• CISA, CRISC, CISSP CISM or CDPSE certification (or on pace to obtain)


• BS in Computer Science, Information Systems, or related field