Senior Info Security Analyst

Cubic Transportation Systems

San Diego, CA

Industry: Transportation

5 - 7 years

Posted 31 days ago

Job Details:

Job Summary:

Responsible for performing IT risk assessment as it relates to regulatory compliance. Plans and prepares the scope of IT compliance evaluation programs across the organization, isolates potential risks or liabilities, and develops mitigation plans. Partners with internal and external auditors to coordinate and facilitate IT SOX compliance/audit efforts. This position typically works under general supervision and direction. Incumbents will regularly exercise discretionary and substantial decision-making authority.

Essential Job Duties and Responsibilities:

  • Plans, reviews, and performs (as needed) Sarbanes-Oxley (SOX) controls monitoring around complex customer-facing systems, as well as internal financial systems, using the ServiceNow GRC platform.
  • Defines and coordinates review controls (user access review, roles reviews, etc.) with the applicable business stakeholders. Proactively follows up to ensure completion and adherence to SOX standards.
  • Works independently to schedule and conduct control walkthrough meetings and address follow-up procedures to ensure all stakeholders understand duties and responsibilities.
  • Educates IT leaders and staff in compliant IT processes and controls. Prepares and maintains process and control documentation.
  • Partners with the SAP implementation and support teams to ensure strong internal controls for new systems. Establishes procedures to ensure compliance of IT systems and processes.
  • Develops solutions to problems identified during audits, and translates these solutions into practical recommendations. Partners with operations to ensure timely and proper remediation of issues.
  • Follows up on recommendations and appraises corrective actions taken to improve deficient conditions. Enforces all Corporate Standards, SDLC, Change Management etc.
  • Reviews vendor contracts and SOC reports and evaluates the results within the reports and impact on the company’s controls. Coordinates with third party vendors where appropriate.
  • Supports business mitigation activity for SAP GRC segregation of duties rules.
  • Assists with the development and coordination of all Information Technology policies and procedures.
  • Provides supervision to security analyst staff managing ERP security and SOX compliance.
  • Completes other duties as needed to monitor and confirm compliance with other compliance requirements, such as NIST, ITAR, ISO, etc.

Minimum Job Requirements: Master’s degree in accounting, information technology, or related field, plus a minimum of 6 years of experience with IT general controls (ITGCs) and Application controls for IT SOX Compliance. Proven experience in IT and IT operations which must include audit standards, knowledge and analytical skills.

Expertise in using the ServiceNow GRC platform for risk assessment and compliance monitoring. One or more relevant certifications (CISA, CPA, CISSP, CIA, CFE or equivalent). Strong understanding of technical concepts required, as well as ability to understand complex internally developed systems. Financial experience and ability to understand financial compliance processes and procedures. Ability to interface with all levels of employees, management and external auditors. Ability to prioritize and complete multiple tasks while working under deadlines. Willingness to travel, both domestically and internationally up to 30%.

    REQ_16763