SAS
Sr. Associate IT Auditor, GRC-A
SAS, Cary, North Carolina, United States, 27518
Remote or Hybrid, Cary, NC
Nice to meet you!
We're a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence – and questions into answers.
We're also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you're looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you'll find it here.

About the job

The GRC team is looking for a Sr. Associate IT Auditor to help conduct audits to ensure internal controls are in place that align with various regulations (which may include ISO 27001, PCI, FISMA, IRS 1075, and NIST 800-53) as well as the policies and procedures set forth by SAS. A secondary focus is to operate in a compliance role, assist in the risk program, and facilitate remediation of continuous improvement efforts across the business.
As a Sr. Associate IT Auditor you will:
Assist with internal audits by:
- Benchmarking of security policies against best practices and standards, which may include ISO 27001, PCI, FISMA, IRS 1075, and NIST 800-53.
- Creating and executing audit test cases and managing work papers and evidence.
- Developing and presenting Audit Reports.
- Using the ServiceNow IRM tool to create and manage continuous monitoring indicators, build reporting dashboards, document electronic work papers, and manage audit documentation.
- Performing issue remediation tasks such as analysis, documentation, follow-up, and retesting in response to audit findings.
- Operating as a consultant, researching and recommending changes to enhance or streamline quality and information security procedures, including internal and external auditing.
- Reviewing hosting, security, and audit contract terms and ensuring compliance with current policies and processes.
- Helping maintain the IT and security policy and process development and updates, while ensuring compliance with regulations and guidance.
- Assisting in conducting Risk Assessments, including participation in risk workshops with subject matter experts where vulnerabilities and threats are discussed in association with likelihood and probability factors.
- Coordinating response to complete RFP and security questionnaires.
- Performing other duties, as assigned.

Required Qualifications
- Bachelor's degree in Business, IT, Computer Science or related field.
- 2–5 years of experience in audit, compliance, risk or governance-related functions.
- Knowledge of IT, project management, compliance or quality auditor procedures and tools (not financial/accounting).
- Auditor certification, such as CISA or CQA, or equivalent professional training.
- Must have the ability to work with little supervision, escalating issues as appropriate.
- Equivalent combination of related education, training, and experience may be considered in place of the above qualifications.

Preferred Qualifications
- Understanding of Active Directory and access control.
- Understanding of best practices for information security and data privacy.
- Knowledge and experience with best practices/standards: ISO 27001, ITIL, or COBIT.
- Understanding of regulatory standards: PCI, FISMA/NIST 800-53, or IRS 1075.
- Experience with a GRC System and Electronic Workpapers.
- Experience with ServiceNow issue management ticketing system (preferably IRM).
- SAS software implementation experience or prior implementation experience.
- IT hosting experience.

World-Class Benefits

Highlights include:
- Comprehensive medical, prescription, dental, and vision plans.
- Medical plan options include PPO with low annual deductible and copays.
- HDHP combined with a health savings account with a contribution from SAS.
- Onsite Health Care Center (HQ) that's free to employees and family members enrolled in the PPO plan.
- An industry-leading 401k plan.
- Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
- Volunteer Time Off, parental leave, and unlimited paid sick days.
- Generous childcare benefits for all full-time employees.

Diverse and Inclusive

At SAS, it's not about fitting into our culture – it's about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it's essential to who we are. To put it plainly: you are welcome here.

Additional Information

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law.
Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.
SAS only sends emails from verified "(url removed)" email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact.