ZS Associates - Senior Associate - IT Compliance & Audit (4-6 yrs)
ZS (www.zs.com) is the world's largest firm focused exclusively on helping companies improve overall performance and grow revenue and market share, through end-to-end sales and marketing solutions - from customer insights and strategy to analytics, operations and technology. More than 5,000 ZS professionals in 23 offices worldwide draw on deep industry and domain expertise to deliver impact for clients across multiple industries.
ZS India Capability and Expertise Centers house more than 60% of ZS people across two locations based in Pune and Gurgaon. Our teams work in conjunction with onshore colleagues to deliver our sales and marketing projects to our clients. The Centers primarily support client projects based in North America, Europe and East Asia in the areas of Business Analysis, Business Operations and Business Technology.
We are currently seeking applicants for the position of a Compliance and Audit Delivery candidate in our Pune, India office. The position will support various management directed IT internal audit and compliance initiatives which include ongoing monitoring of the quality of operations of our Software as a Service (SaaS) product and business line offerings with ZS mandated standards, policies and procedures. Qualified candidates will possess the skills detailed below and relevant work experience. Please note, this position is not client facing and does not require travel to client sites, unless specifically directed by management. This position may require travel to other ZS offices to assist with audits, as directed.
As a Senior IT Compliance and Audit Associate you will work under the supervision of the Compliance and Audit Manager and report to appropriate local office management personnel. You will:
- Execute IT audit projects designed to provide assessment of internal control processes in accordance with ZS's IT policies, data security and privacy practices and legally binding contractual obligations and commitments to its clients.
- Perform IT risk assessments and third party cloud vendor security and privacy risk assessments.
- Execute detailed plans for performing individual audits in accordance with the ZS IT audit program.
- Prepare audit work papers and reports documenting the results of reviews of assigned activities and recommended management action.
- Participate in the planning and coordination of all audits of ZS's data security and privacy environment by ZS's clients.
- Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry IT trends to identify potential issues and risks.
- Participate in reviews of internal controls and security of systems under development as needed.
- With assistance from senior personnel, liaise with internal and external stakeholders to ensure IT compliance related documentation is kept up to date with ZS's compliance requirements, obligations and commitments, as needs evolve.
- Liaise with appropriate stakeholders including IT, Legal, HR, Finance and others, as needed, to ensure that compliance requirements are incorporated into ZS configured compliance workflow management tools.
- Assist with monitoring of ongoing organizational compliance with IT change management, logical and physical access, IT operations and other control procedures, as deemed necessary by management from time to time. Actively maintain findings and remediation recommendation registers. Track remediation activities to completion.
- Assist with the documentation of IT policies and procedures (e.g. IT change management, logical and physical access processes, data backups and restoration, disaster recovery processes).
- Assist with responding to client-driven RFPs, RFIs, and external security and privacy audits and questionnaires, as requested by management.
- Assist in the development of appropriate IT compliance training material and conduct training of impacted stakeholders, as needed.
- Assist with other IT audit and compliance related initiatives and special projects as assigned from time to time.
What are we looking for:
A successful IT Compliance and Audit Associate with 4-6 years of hands-on experience and the following characteristics:
- BS/BA in computer science or related field with record of high academic achievement. Management Information Systems (MIS) degree or specialization highly preferred.
- Corporate or consulting firm IT audit/assurance engagement experience required. Big 4 IT assurance/public accounting firm experience, while not required, is strongly preferred.
- Certified or eagerness to become certified in one of the following IT audit related certifications while working at ZS (e.g. CISA, CISSP, CRISC, ISO27001 Lead Auditor).
- At least 4 years of hands-on experience performing IT audits end to end including the documentation of audit plans, audit test scripts, audit narratives, test results, findings and remediation recommendation listings.
- At least 4 years of experience participating in IT audit engagement lifecycles (e.g. US SOX, US SOC1 & SOC2 audits) with some senior personnel oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement.
- Experience maintaining risk and control registers, audit plans, findings and remediation recommendation registers.
- Experience documenting IT policies and procedures (e.g. IT change management, logical and physical access, data backups and restoration processes).
- Excellent communication and organizational skills preferably with international exposure.
- Excellent command over the English language, verbal and written; experience writing IT audit narratives and reports required.
- Demonstrated ability to work independently and as part of a team of IT audit professional peers strongly preferred.
- Ability and willingness to work hours which overlap with US time zones (e.g. US Central Time zone).
- Ability and willingness to travel to the US and other ZS offices, if needed, to assist with compliance and audit engagements, on a periodic basis.
Technical expectations include proficiencies in the following:
- Basic working knowledge of web based applications, operating systems and databases including Windows Active Directory, Linux, Microsoft SQL and Oracle.
- Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, Access, SharePoint).
Basic working knowledge of various control frameworks including:
- COBIT - Control Objectives for Information and Related Technology
- ISO/IEC 27001:2013 - Code of Practice for Information Security Management
- NIST SP 800-53
- HIPAA/HITECH Security and Privacy Audit Protocol
Basic working knowledge of various laws directly or indirectly impacting data security and privacy requirements worldwide including:
- US SOX - Sarbanes-Oxley Act
- US HIPAA/HITECH Act
- EU GDPR - General Data Protection Regulation
- US EU Privacy Shield
- India IT Act (data privacy provisions)
- India Companies Act