Are you a problem solver, explorer, and knowledge seeker always asking, "What if?"
If so, you may be the new team member we're looking for. Because at SAS, your curiosity matters whether you're developing algorithms, creating customer experiences, or answering critical questions. Curiosity is our code, and the opportunities here are endless.
What we do
We're the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence. Our curiosity fuels innovation, pushing boundaries, challenging the status quo and changing the way we live.
What you'll do
We're looking for an IT Governance, Risk and Compliance (GRC) Analyst to join our Global IT Service Delivery and Support Division. You will lead efforts to design, implement, and manage IT GRC program requirements within the GRC platform. You'll also perform risk assessments, gap analysis and overall security controls guidance around security standards such as ISO 27001, National Institute of Standards and Technology (NIST 800-53), IRS 1075 and other security frameworks. The IT GRC Analyst will also perform Plan of Action and Milestone (POAM) activities to track remediation efforts, complete security risk tracking and reporting, and Information Technology audit preparation and response.
Serve as subject matter expert on utilizing the GRC platform to facilitate Policy, Compliance and Risk Management.
Perform as a lead to design, implement and manage use of the GRC platform in support of the IT GRC Program.
Contribute to the implementation and continuous improvement of IT GRC Program standards and processes.
Work proactively with the IT GRC Team to implement and manage regulatory and compliance program requirements in the GRC platform.
Track POAM and risk remediation activities and provide relevant metrics to communicate status and awareness.
Participate in information security risk assessments and gap analysis.
Assist with analysis, documentation and training of remediation actions in response to audit findings.
Assess and advise on the impact of IT GRC process design options and efficiencies.
Contribute to the strategy and execution of the overall IT GRC Program.
Cultivate relationships with Information Security, R&D, Legal, Audit and Compliance, and business stakeholders to strengthen security governance and risk management.
Socialize and manage the awareness and adoption of IT GRC processes.
Must have the ability to work with little supervision, escalating issues as appropriate.
Create and help administer security training programs and practices.
Perform other duties as assigned.
What we're looking for
Experience using and/or implementing a GRC platform (e.g., ServiceNow, Archer).
Strong understanding of IT Governance activities which support the organization's policies, standards, and procedures.
Highly motivated individual with excellent organizational skills, detail oriented, with the ability to stay on top of a variety of commitments and deadlines; must be able to work independently and as a team to maintain workload and report on problems or progress in a timely manner.
Strong time management skills (schedules, timelines, and task prioritization) and ability to work with minimal supervision or guidance.
The ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity.
Knowledge of regulatory standards and security frameworks; PCI, FISMA, NIST 800-53, HIPAA, ISO 27001/27002.
Knowledge of risk assessment methodologies and practices.
Understanding of IT Security controls and best practice.
Experience with the ServiceNow issue management ticketing system.
A self-starter who has an inquisitive, analytical mind that constantly looks for solutions to difficult problems. This person must have the ability to convey technology and security concepts to management and ideally has technical knowledge and/or experience in security with a proficiency in a risk management framework with the ability to assess administrative and technical controls.
The nice to haves
Bachelor's degree in a related field, preferably Computer Science, Information Technology or Cybersecurity.
Ten years of experience in information security and compliance, IT governance, and securing IT systems.
Equivalent combination of education, training, and relevant experience may be considered in place of the requirements above.
CRISC, CGEIT, CRMA, or GRCP certifications preferred.
We love living the #SASlife and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference.
Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isn't about fitting into our culture, it's about adding to it - and we can't wait to see what you'll bring.
And how about tuition reimbursement; a training budget for you to stay current with technologies; advanced certification options, and an onsite physical and virtual library of 8,000+ books, periodicals, CD audios, DVDs and other materials to further your self-studies.
To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Equal Employment Opportunity is the Law. Also view the supplement EEO is the Law, and the notice Pay Transparency
Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.
Want to stay up to date with life at SAS, products and jobs? Follow us on LinkedIn
Requisition ID: 20032196
Travel Requirements: None
External Company Name: SAS Institute Inc
External Company URL: www.sas.com
Post End Date: 11/30/2019