TITLE: Sr IT Compliance Analyst – Global IT Compliance
MAJOR OPERATING UNIT: Global Technology Strategy and Transformation Office
DEPARTMENT: Global IT Governance, Risk & Compliance
GRADE: 25 - 26
Job Code:
KEY OBJECTIVE
The objective of this position is to evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems. The position will direct the execution of an annual SOX attestation, customer-driven audits, and other regulatory audits performed by external auditors. Audits cover areas such as information security, computer operations, application development, operating systems, databases, network access, change management, user administration and segregation of duties. The position also assists IT control owners with control design, standards and opportunities for efficiencies as they relate to CHUBB’s Global IT Compliance Program and SOX 404 requirements. The position will facilitate and manage audit plans, resource planning, risk assessments, and report preparations. The position will have direct contact with key external customers and respond independently to customer inquiries about the adequacy of our internal controls. This role will proactively identify control gaps in advance of auditors and facilitate the development and implementation of remediation actions based on practical solutions and sound risk management. This position reports to the IT Compliance Manager.
MAJOR DUTIES & RESPONSIBILITIES
Strategically manage special projects and initiatives to identify, implement and monitor process improvement opportunities.
Provide subject matter expertise and consultative support to the IT community pertaining to control documentation, testing, audit standards and Sarbanes Oxley requirements.
Identify and recommend opportunities to improve the effectiveness and efficiencies of compliance activities and IT key controls.
Participate in audit closing meetings to discuss audit issues, improvement opportunities and control deficiency resolutions.
Guide management in the creation of management action plans resulting from an audit.
Track remediation plans to ensure IT Management is on track with its audit remediation commitments and that they are addressed in a timely manner.
Clearly communicate IT control issues formally and informally to all levels of management.
Evaluate and recommend opportunities to maximize the efficiency and effectiveness of audit activities.
Perform quality control assessment over testing performed by IT management.
Perform and facilitate periodic SOX control executions on behalf of IT management.
Represent CHUBB IT on compliance related matters with business customers, vendors, and auditors
Participate in other special projects as required, including IT compliance initiatives, risk assessments, policy development and compliance with SOX 404.
Support the annual SSAE18 (SOC-1 & SOC-2) certification to ensure management achieves desired results
Support and collaborate with IT compliance and information security staff to enhance CHUBB’s control and security policies within the US and globally.
MINIMUM REQUIREMENTS
Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently
Demonstrates a sense of urgency and a high degree of initiative and professional judgment
Responsibilities require strong collaboration with the ability to influence and affect change, in support of key objectives, across IT leads, internal and external auditors, and business management.
2-5 years of IT auditing or IT risk management experience leveraging the COBIT and NIST frameworks
In-depth understanding of Sarbanes-Oxley section 404, SSAE18 (SOC-1 and SOC-2) and ISO standards
General knowledge of IT operating environments to include mainframe, Windows and UNIX platforms
Understanding of business practices pertaining to access administration & security, SDLC, IT operations, and application automated processes.
Strong results orientation and customer service driven
Perform without constant management oversight and produce results
DESIRED QUALIFICATIONS
CISA, CRISC, CISSP, CISM or CDPSE certification (or on pace to obtain)
BS in Computer Science, Information Systems, or related field