ZS’s corporate enterprise functions operate the firm’s core internal functions. Our global teams comprise team-oriented, pragmatic and results-driven people who thrive in a challenging work environment. Our people come from diverse backgrounds but share a passion for quality customer service and dedication—whether our customer is a client or another ZS employee.
Information technology provides products and services to ZS to ensure successful business outcomes. It provides internal information technology solutions and support for ZS, including custom enterprise web and ERP applications, IT infrastructure and technology support.
Risk governance specialist
We are currently seeking applicants for the position of an IT risk governance specialist to join our India IT governance, compliance and audit team. The position will support various management-directed IT risk governance initiatives, which include reviewing findings from vulnerability assessments, driving remediation of vulnerabilities, proactively identifying process and technical gaps which may result in potential audit issues, verifying that remediation plans are implemented and tracked through completion, preparing reports for senior leadership consumption, assisting with risk reporting activities to ZS’s risk committees, creating and maintaining security risk scorecards based on risk and threat levels assigned to ZS-managed assets and user populations, and preparing reports for internal and external stakeholder consumption. Qualified candidates will possess the skills detailed below and relevant work experience. Please note, this position is not client facing and does not require travel to client sites, unless specifically directed by management. This position may require travel to other ZS offices to assist with governance-related activities and internal audits, as directed.
Responsibilities:
Assist in maturing the first line of defense function across IT by establishing requirements for monitoring IT controls across the organization;
Develop a process, risk and control framework with IT to map organizational controls and establish the accountability and ownership for IT risk management and control activities;
Track and verify adherence to information security policies, procedures and requirements;
Analyze findings from security monitoring systems. Review all current and existing vulnerabilities for active and acceptable remediation plans;
Prepare findings reports for review by various stakeholders, which may include application owners, data owners and custodians, system administrators, other IT and business unit leadership, and company-level risk and audit committees;
Verify that remediation plans are implemented as planned. Proactively review and identify any potential gaps that may result in possible audit issues;
Review vulnerability scan results to identify security risks and report on findings to appropriate stakeholders;
Create and manage security risk scorecards based on risk levels assigned to ZS-managed assets and personnel with access to sensitive information (e.g. in accordance with a data classification matrix);
Assist compliance and audit team members with the preparation of detailed plans for performing individual audits including identification of key risks and controls, determination of audit objectives, and input toward the development and maintenance of an appropriate internal audit program;
Provide input to risk assessment processes for key enterprise and client facing systems;
Incorporate feedback received from risk assessment processes, and internal and external audits, to adjust and fine-tune technology risk governance processes;
Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry IT trends to help with the identification of potential issues and risks;
Liaise with internal and external stakeholders to ensure IT compliance-related documentation is kept up to date with ZS’s compliance requirements, obligations and commitments, as needs evolve;
Liaise with appropriate stakeholders including IT, legal, HR, finance and others, as needed, to ensure that evolving compliance requirements are incorporated into risk governance processes;
Manage the GRC tool lifecycle, including tool configuration needs, with appropriate internal and external stakeholders;
Assist with the development of appropriate IT compliance training material and conduct training of impacted stakeholders, as needed;
Assist with other technology risk governance related initiatives and special projects as assigned from time to time.
Qualifications:
BS/BA in management information systems (MIS), computer science or a related field with a record of high academic achievement required;
7+ years of experience in risk management and technology compliance disciplines: audits, regulatory compliance, risk management, program management and change management within the security governance and risk management space, required;
3+ years of experience supervising IT audit engagement lifecycles (e.g. US SOX, US SOC 1 & SOC 2 audits, ISO 27001 audits) with very minimal oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement;
2+ years’ experience building and managing a team of junior staff and consultants, required;
Experience in identification and remediation of security threats and risks;
Experience maintaining risk and control registers, audit plans, findings and remediation recommendation registers;
Experience with use of collaboration tools (e.g. SharePoint Online or other GRC-like tools) for reporting purposes is strongly preferred;
Detailed knowledge of how operational controls are implemented to meet compliance needs;
Skilled at preparing and presenting compliance and risks reporting at all levels of the company, from operational efforts through executive level presentation;
Broad understanding of information security policies and standards, and regulatory/framework compliance;
Strong communication skills, interpersonal skills, and presentation skills that allow effective interactions/communications with executives, business partners across regional and/or functional lines including the cascade of knowledge to the operating level;
Superior command of the English language, verbal and written; experience writing management- and auditor-level narratives and reports required;
Corporate or consulting firm risk management and governance experience required. Big 4 IT assurance/public accounting firm experience, while not required, is strongly preferred;
Experience with reviewing the work of others (e.g. junior staff) highly preferred;
Excellent communication and organizational skills – preferably with international exposure;
Demonstrated ability to work independently and as part of cross-office teams (e.g. US, India);
Ability and willingness to work hours which overlap with international time zones (e.g. US time zone);
Ability and willingness to travel to other ZS offices, as needed, to assist with compliance and audit engagements;
Certified, or eager to become certified, in IT audit/risk governance related certifications while working at ZS (e.g. CGEIT, CRISC, ISO 27001 Lead Auditor).
Technical expectations include:
Basic working knowledge of web-based applications, operating systems and databases, including Windows Active Directory, Linux, Microsoft SQL and Oracle;
Proficient in the MS Office productivity suite (e.g. Word, Excel, PowerPoint, Access, SharePoint). Advanced Excel and Access database skills strongly preferred;
Working knowledge of GRC tools; experience working with an industry-recognized GRC tool highly preferred;
Working knowledge of various control frameworks, including:
COBIT – Control Objectives for Information and Related Technology
ISO/IEC 27001:2013 – code of practice for information security management
NIST SP 800-53
NIST CSF
HIPAA/HITECH security and privacy audit protocol
Shared Assessments Standard Information Gathering (SIG) framework
Basic working knowledge of various laws directly or indirectly impacting data security and privacy requirements worldwide, including:
US SOX – Sarbanes-Oxley Act
US HIPAA/HITECH Act
EU GDPR – General Data Protection Regulation
US-EU Privacy Shield
India IT Act (data privacy provisions)
India Companies Act
ZS is a global consulting firm. Fluency in English is required; additional fluency in at least one European or Asian language is desirable. Candidates must possess work authorization for their intended country of employment. An on-line application, including a full set of transcripts (official or unofficial), is required to be considered. ZS offers a competitive compensation package with salary and bonus incentives, plus an attractive benefits package. No agency calls, please.
ZS is a professional services firm that works side by side with companies to help develop and deliver products that drive customer value and company results. We leverage our deep industry expertise, leading-edge analytics, technology and strategy to create solutions that work in the real world. With more than 35 years of experience and 7,000-plus ZSers in more than 25 offices worldwide, we are passionately committed to helping companies and their customers thrive.