Job Description
Brief Description:
Ensure the organization's compliance with applicable laws regulating their industry (e.g., government, energy, financial services, manufacturing, healthcare). Review organization's business practices to ensure pertinent regulations are followed, identify areas of non-compliance, and create a plan to implement changes as needed. Maintain a deep knowledge of regulations and stay abreast of all regulatory changes relevant to industry and organization. Review marketing materials to ensure they do not violate truth in advertising or ethics laws. Assist in the development of compliance training programs.
Responsibilities:
- Perform operational activities in the execution of Data Intensity audits including Data Intensity Internal Security and Financial audits as well as external SOC1, SOC2, ISO27001 audits.
- Participate in the design of new controls to satisfy company objectives.
- Collection of evidence based on documented procedures.
- Review of evidence against defined controls identifying exceptions.
- Performing escalations to compliance lead when clarification is needed.
- Coordinate with technical teams in the collection of evidence provided by them.
- Perform scheduled reviews of key internal controls outside of audit periods.
- Work with control owners to identify acceptable remediation activities for identified exceptions and confirm execution of the remediations.
- Work with technical teams to establish documented guidelines for the collection of evidence by the compliance team.
- Perform day-to-day compliance activities in response to internal and customer requests.
- Work with external auditors for the coordination of audit activities and the upload of required evidence and response to their questions.
- Provide support in the evaluation, tracking and maintenance of customer contractual requirements.
- Perform operational IT and Vendor Risk Management activities including the evaluation of internal and vendor risk questionnaires.
- Participate as a member of the Privacy team performing operational and audit tasks to maintain and improve upon the Data Intensity Privacy Program which includes GDPR, HIPAA and the CCPA.
- Serve as a member of the Data Intensity Global Risk Program team.
- Assist in the development, update, and enhancement of operational documentation in support of compliance, risk and privacy activities.
- Other duties as assigned
Skills:
- Strong background in MS Office Suite, particularly in Word, Excel and PowerPoint.
- Working knowledge of the audit lifecycle and related activities required and ServiceNow ticketing tool is an added advantage.
- Demonstrated knowledge of compliance frameworks desired but not required including SOC1/2, ISO (27000 series), latest PCI-DSS, GDPR, Privacy Shield and HIPAA
Education / Experience:
- 4+ years of relevant experience
- 4-year college degree preferred
- Mandatory to have ISO27001 Lead Auditor or Lead Implementor or equivalent certifications preferred.
- Compliance certifications like CISA and CRISC are an added advantage.
This role may require access to customer environments as a means of providing the necessary support to resolve an issue or inquiries into performance-related issues, or for periodic maintenance and management of the systems. In some instances, these environments may contain Personally Identifiable Information (PII) (e.g., HIPAA-related Personal Health Information (PHI)) and Payment Card Information (PCI). Personnel are expected to adhere to the highest standards of ethics and professionalism in protecting PII.
Job Classification
Industry: IT Services & Consulting
Functional Area: IT Services & Consulting
Role Category: Risk Management & Compliance - Other
Role: Risk Management & Compliance - Other
Employment Type: Full time
Contact Details:
Company: Data Intensity
Location(s): Hyderabad