Risk Compliance Analysts
PamTen, Inc.
+ Actively participate in walkthroughs with senior engineers to build up a good understanding about the environment and control processes.
+ Capture detailed notes and evidence screenshots as part of the walkthroughs.
+ Responsible for completing the assessment reports including accurate and detailed notes about the complete understanding of control processes.
+ Scheduling walkthrough meetings and periodic status sync calls for both internal and external assessments.
+ Review offline evidence provided by the business units in a timely manner and raise follow-up questions to the BUs when needed to make sure GCC obtains complete and sufficient evidence for the assessments.
+ Perform sample testing to make sure controls operate effectively throughout the audit period.
+ Notify management in a timely manner when the team notices any potential control gaps from performing the gap assessments/internal readiness assessments.
+ Collaborate with the engineering team to create remediation plans for the control gaps identified from the assessments when needed.
+ Responsible for transferring evidence obtained from internal assessments to the external assessor site and making sure the RFI is updated with the latest evidence status.
+ Review RFI status for external assessments to make sure GCC addresses any follow-up questions in a timely manner.
Required
+ At least 3 years of relevant experience in a compliance role.
+ Strong knowledge of Core IT processes/services such as SDLC, Identity/User Access Management, Vulnerability Management, Backup, and DR processes.
+ Hands-on experience with AWS and other cloud environments.
+ Experience with reviewing audit evidence and sample testing to assess both the design and effectiveness of controls.
+ Understanding of risk management methodologies, frameworks and principles (AICPA, SOC 2, ISO, PCI, HIPAA) to evaluate and recommend the best approach to mitigating risk with best-in-class controls.
+ Excellent communication skills.
+ Ability to prioritize and multi-task in a fast-changing environment.
+ Relevant certifications like CISA, CISSP, CCSK and others will be a plus.
Preferred
+ In-depth experience with security policies, standards, and controls definition.