Philadelphia, PA
74 days ago
Sr. Analyst NA IT Compliance

KEY OBJECTIVE

The objective of this position is to evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of information systems. The position will direct the execution of an annual SOX attestation, customer-driven audits, and other regulatory audits performed by external auditors. Audits cover areas such as infrastructure, cloud, information security, computer operations, application development, operating systems, databases, network access, change management, user administration and segregation of duties. The position also assists IT control owners with control design, standards and opportunities for efficiencies as they relate to CHUBB’s Global IT Compliance Program and SOX 404 requirements. The position will facilitate and manage audit plans, resource planning, risk assessments, and report preparations. The position will have direct contact with key external customers and respond independently to customer inquiries about the adequacy of our internal controls. This role will proactively identify control gaps in advance of auditors and facilitate the development and implementation of remediation actions based on practical solutions and sound risk management. This position reports to the AVP, Leader of SOX Compliance, NA.

MAJOR DUTIES & RESPONSIBILITIES

- Strategically manage special projects and initiatives to identify, implement and monitor process improvement opportunities.
- Provide subject matter expertise and consultative support to the IT community pertaining to control documentation, testing, audit standards and Sarbanes-Oxley requirements.
- Identify and recommend opportunities to improve the effectiveness and efficiency of compliance activities and IT key controls.
- Participate in audit closing meetings to discuss audit issues, improvement opportunities and control deficiency resolutions.
- Guide management in the creation of management action plans resulting from an audit.
- Track remediation plans to ensure IT Management is on track for any audit remediation commitments and that they are addressed in a timely manner.
- Clearly communicate IT control issues formally and informally to all levels of management.
- Evaluate and recommend opportunities to maximize the efficiency and effectiveness of audit activities.
- Facilitate risk and financial impact assessments over audit-related deficiencies.
- Perform quality control assessment over testing performed by IT management.
- Perform and facilitate periodic SOX control executions on behalf of IT management.
- Represent CHUBB IT on compliance-related matters with business customers, vendors, and auditors.
- Participate in other special projects as required, including IT compliance initiatives, risk assessments, policy development and compliance with SOX 404.
- Support the annual ESIS SOC Audit to ensure management achieves desired results.
- Perform annual reviews for identified SSAE18 (SOC-1 & SOC-2) reports.
- Support the annual PCI audit for Personal Lines and Small Commercial.
- Support and collaborate with IT compliance and information security staff to enhance CHUBB’s control and security policies within the US and globally.

MINIMUM REQUIREMENTS

- Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently.
- Demonstrates a sense of urgency and a high degree of initiative and professional judgment.
- Responsibilities require strong collaboration with the ability to influence and effect change, in support of key objectives, across IT leads, internal and external auditors, and business management.
- 2-5 years of IT auditing or IT risk management experience leveraging the COBIT and NIST frameworks.
- In-depth understanding of Sarbanes-Oxley section 404, SSAE18 (SOC-1 and SOC-2) and ISO standards.
- General knowledge of infrastructure systems, networks, and best practices for their management and security.
- General knowledge of cloud controls and policies.
- General knowledge of IT operating environments, including mainframe, Windows and UNIX platforms.
- Understanding of business practices pertaining to access administration & security, SDLC, IT operations, and application automated processes.
- Strong results orientation and customer-service driven.
- Ability to perform without constant management oversight and produce results.

DESIRED QUALIFICATIONS

- CISA, CRISC, CISSP, CISM or CDPSE certification (or on pace to obtain).
- BS in Computer Science, Information Systems, or related field.