Job Description for Sr. IS Security SAP Analyst Ingram Micro Inc.
JOB TITLE: Sr. IT Compliance Specialist COMPLETED BY: Madhur Sharma
JOB CODE: To be created DATE: 02/05/2020
DEPARTMENT: Global IS GRADE/FLSA: 8
POSITION REPORTS TO: Manager, Compliance
APPROVED BY: Madhur Sharma
JOB TITLES REPORTING TO THIS POSITION: None
The Sr. IS Compliance Specialist is responsible for performing, or leading, complex and/or significant compliance reviews within the IT audit scope, including network, internet, applications, telecommunications, security administration, and contingency planning. The role assesses risks, develops detailed audit/compliance programs, executes the program steps, analyzes results, and effectively communicates findings to senior management.
On a primarily independent basis, supports global activities as they relate to IS compliance, including: financial regulations, statutory audits, PCI, ISO 27001, customer commitment obligations such as SOC1 and SOC2 attestation, internal and external auditor liaison support, and management documentation/reporting. This support is accomplished by reviewing existing processes, identifying improvement activities, and recommending control improvements and/or efficiencies.
- At least 3-4 years of industry experience as a PCI QSA and the ability to assess complex PCI requirements.
- Plan and conduct complex IS and integrated audit/compliance projects, including preparation of an objective risk-based assessment and an effective audit/compliance approach.
- Leads and/or participates in audit/compliance reviews of applications, IT General Controls, and the security of the enterprise.
- Leads and/or participates in audit/compliance activities across various departments to verify compliance with plans, policies, and procedures.
- Manage and support IT compliance activities for global IS in support of statutory audits, PCI, and ISO 27001 auditing, reporting, and remediation where appropriate
- Execute operational activities to support audit and compliance activities including technical validation processes
- Manage quarterly self-assessment of global IS and reporting
- Ensure Global IS compliance to security standards as they relate to SOC1, SOC2 and ISO 27001 requirements
- Execute collection of evidence to support compliance status
- Provide and present reporting including monthly metric delivery
- Manage escalation and enforcement for unresolved noncompliance issues
- Be a liaison for Internal Audit activities, reporting, and escalations
- Manage and Support External Audit activities and reporting
- Collect information and manage the status of global PCI requirements
- Manage responses and status updates for external financial compliance reporting in relation to PCI
- Work with Information Security staff to ensure tools and reporting mechanisms satisfactorily meet statutory audit, PCI, SOC1, and SOC2 objectives
- Support compliance and security validation of all third-party IT providers
- Maintain strong working relationships with internal and external support teams including Global, Regional and Country IS associates
- Support the Financial Compliance team in enforcing controls as required
- Work on special projects as required by management
- Stay abreast of changes within the IS compliance areas including business change requirements and regulatory changes from an international perspective
- Support and enforce Information Security Policy, Standards, and Guidelines for business operations and technology implementations
Process Improvement and Associate Success:
- Perform value-added assessments of business processes, internal controls, systems, and financial reporting, and identify opportunities for improvement and efficiencies.
- Actively looks for opportunities to develop new ideas to positively impact existing methods, services, or products.
- Targets performance improvements while analyzing systems and processes.
- Understands, analyzes, and documents cost/benefit analysis where appropriate.
- Actively accepts individual and team responsibilities and meets commitments. Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
- Actively mentors and assists other IS personnel on topics related to IS security
- Effectively multi-tasks on multiple assignments and deliverables.
- Takes and exhibits initiative to further develop technical and professional skills, by attending training and/or willingness to learn new systems or technologies in use by the Information Systems department.
- Possesses understanding of Ingram Micro’s business including knowledge of department names and business processes conducted by each, company global organization, and key customer and vendor segments.
Education and Technical Expertise:
- A Bachelor’s degree in Computer Science, Engineering, or related Science and Math discipline with an IS or Business emphasis is required.
- 8-10 years or more of relevant experience in a global information technology environment, with a background in auditing and process support
- Strong knowledge in commercial ERP applications including SAP, Oracle
- Information Security background, including an understanding of basic security best practices, standards, and methodologies
- IT technical knowledge in support of compliance including Operating System, Database, Networking and Security technologies
- Must possess a valid passport and be legally allowed to leave and return to originating country.
- Ability to formulate detailed technical documentation and remediation requirements
- Strong communication skills for both technical and business level discussions on compliance matters
- Relevant auditing and compliance certification (e.g. CISA) preferred
- Keeps his/her manager informed of any problems, challenges, or unanticipated events affecting his/her work.
- Listens respectfully and avoids interrupting.
- Expresses ideas and suggestions in an organized and concise manner both orally and in written form.
- Solicits and readily accepts constructive feedback.
- Maintains composure when addressing an adversarial or hostile audience.
- Researches and collects appropriate data points for effective decision making.
- Readily makes recommendations and includes necessary documentation and material to support conclusions.
Develops Innovative Practices
- Identify, develop and manage innovative ideas and solutions to problems.
- Identify opportunities to reduce inefficiencies in work processes.
- Recognizes when it is appropriate to challenge the status quo and when it is not.
Works as a Team Member
- Supports team decisions to implement changes, suggestions, improvements, and solutions.
- Encourages and supports the exploration and application of best practices.
- Offers assistance to others and shares information regardless of personal likes or dislikes.
Acts with Integrity & Respect
- Prevents personal conflicts from interfering with his/her objectivity.
- Consistently arrives on time for meetings and appointments.
- Accepts responsibility for the results of his/her decisions and actions.
- Behaves in a way that is consistent with Ingram Micro’s values.
MENTAL AND PHYSICAL DEMANDS:
- Must be able to exercise good, consistent judgment when evaluating technical implementations or business requirements against corporate policies, or when escalating issues
- Must be able to work with people from different countries and cultures
- Must be able to work in high pressure situations related to IS security matters
- Must be available for support requirements based on global responsibilities
- Must be able to work early morning and late evening hours and weekends, when required
- Must be able to communicate effectively in writing. Must be able to write clear, concise and factual evaluation documents that can be understood by others
- Must be able to participate in meetings several times a month to give and receive information
- Must be able to follow direction and procedures accurately; to organize facts and figures; apply basic math
- Daily sitting, focusing on and operating a personal computer or terminal keyboard for over 120 minutes at a time.
- Communicates by telephone for more than 60 minutes on a daily basis.
- Writes using pen/pencil or personal computer keyboard for up to 120 minutes at a time on a daily basis.
- Reads printed words and numbers in printed form and on computer/terminal monitor.
- Distinguishes objects or symbols at 20 feet or more and 20 inches or less.
- Travel by air, for trips of 1 to 10 days, is required. Must be able to sit on a plane for up to 13 hours at a time.
EQUIPMENT USED AND NECESSARY:
Mobile device such as a Blackberry
Advanced computer equipment
May be required to work in an office environment, with or without air conditioning and fluorescent lighting. May also be required to spend time in a distribution center, without air conditioning. Some geographies may have remote office conditions of lower standards than the home country.