Apex Systems combines with parent company On Assignment to make it the 2nd largest IT staffing agency in the country.
Apex has an opportunity for a Compliance Analyst role in the Waltham, MA area. This is a Permanent/Fulltime position and the pay rate is flexible depending on experience.
Applicants who are interested in this Compliance Analyst opportunity, please send a Word resume to Cassie Wagner, Professional Recruiter @ firstname.lastname@example.org.
Here are the details:
Role: IS Senior Compliance Analyst - Vendor Assurance
Location: Waltham MA, Brooklyn NY, or Syracuse, NY
Duration: Permanent / Fulltime
Rate: Flexible depending on experience
Responsible for supporting the Vendor Assurance Program, evaluating vendor risks in relation to services provided, assisting Procurement teams in determining related risk, and ensuring contract terms and conditions align to Compliance and Risk Management needs. Responsible for vendor evaluations and for identifying control deficiencies to ensure compliance with regulations and internal controls; recommends improvements in internal control structure; conducts independent assessments of third parties; conducts assessments for utility regulations, including NERC, PCI, MA 201, HIPAA, SOX, FERC and other international, federal and state regulations.
Vendor Assurance Senior Analyst Job Duties:
- Support Vendor Assurance Program, integrating Risk and Compliance management into Procurement processes.
- Manage complex environment of vendors providing services.
- Work with third party service providers to evaluate control design and operating effectiveness.
- Develop, plan and execute compliance assessment based on documented process.
- Develop and execute clearly written test plans based on control objectives in a repeatable manner.
- Ensure compliance with established internal control procedures by examining records, reports, operating practices, and documentation.
- Develop plan to assess vendors throughout the year balancing workload and assessments.
- Verify the design and effectiveness of controls to secure information system assets, including people, processes and technologies.
- Complete work papers by documenting compliance assessments and findings clearly articulating test methodology and steps taken.
- Prepare reports by collecting, analyzing, and summarizing information.
- Prepare regular status reports for internal management.
- Communicate findings by preparing a final report; discussing findings with auditees and documenting results.
- Communicate findings with IS Risk to coordinate findings, develop action plans based on risks and confirm that appropriate steps are taken to close out findings.
- Ensure controls support Compliance with International, Federal, State, and Local requirements; enforcing adherence and advising management on needed actions.
- Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.
- Contribute to team effort by accomplishing defined objectives and implementing agreed upon process improvements.
- Work with internal stakeholders, including Regulatory, Legal and IS to build and maintain relationships and deliver value.
- Others as Required
Qualifications:
- Bachelor’s Degree Required
- 3-5 Years of IS Audit Experience
- CISA – Desired
- CRISC – Desired
- CISM – Desired
- Archer GRC (Preferred)
- Understanding of assessing third party service providers and associated risks
- Understanding of SSAE 18, ISAE 3402, SOC 1, SOC 2 and AUP reports and principles
- Understanding of SAP systems and controls
- Strong presentation skills
- Knowledge of control frameworks (COSO, COBIT, ISO, UCF, NIST)
- Understanding of utility regulations (Gas and Electric)
- Understanding of third party risk management
- Understanding of international regulations a plus
- Understanding of key control indicators a plus
- Ability to demonstrate management of internal and external audit organizations
- Willing to travel (30-40%), including international
- Passport / visa required
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.