Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help:
-Perform audits/reviews to assess risks in Application development and maintenance service environment
- manage risk in Application development and maintenance service to an acceptable level
- increase the level of awareness of and compliance with policy and process related matters
- support successful completion of various external compliance certification programs and internal compliance assessments
- introduce continual improvement including lessons learned from matters requiring intervention
This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice.
Must-Have Skills/Qualifications (list in order of priority): (*useful but not essential for L10)
Minimum of 3-year experience in Auditing principles and practices (sample qualifications*: CISA, ISO 27001 Lead Auditor)
Minimum of 3-year experience in Application security/audit roles in Application development & maintenance service industry
(sample qualifications*: EC-Council’s CASE (Certified Application Security Engineer), CEH(Certified Ethical Hacker),
Agile Methodology( Certified Scrum Master), DevOps Certification, CMMI for Development
Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST(Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption
Minimum of 3-year experience in Operational compliance requirements)
Contract Management / Service Reporting(including Service Level Agreements and Operational Level Agreements)
Risk management or assessment (sample qualification*: CRISC)
Knowledge of cloud environment and services (sample qualification*: Microsoft Azure/AWS/Google Certifications)
Team and stakeholder management
Nice-to-Have Skills/Qualifications:
Data privacy and protection (sample qualifications*: CIPM, CIPT, CIPP)
CISSP*, CISM*, CISA*, CCSK*, CCSP*
SOC1 and SOC2 (SSAE16 / ISAE3402) awareness
Business Continuity and Disaster Recovery awareness (ISO 22301)
Other Requirements (i.e., travel, overtime %):
Occasional within country travel.
Flexibility in working hours required for meetings with the global team and with service
delivery contacts in other geographies – overtime may be necessary at times