IT Security Compliance Manager
Working within the Information Risk Management department, this role will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain the SOC2 attestation portfolio. This individual will be key in influencing and motivating key stakeholders across the organization to establish the SOC2 reporting framework and compliance. This individual will provide direction in control mapping, control gap identification, gap remediation and mitigation. This individual will have a strong understanding of the SOC2 SSAE 18 AICPA reporting standards along with an understanding of the Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles.
- Facilitate the implementation of the risk assessment and monitoring framework for SOC2 reporting.
- Guide staff by reviewing and providing guidance in the development and maintenance of SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams.
- Ensure control alignment and validation for systems in scope.
- Provide guidance and best practices for remediating and mitigating controls gaps ensuring sufficient remediation plans and tracking to timely resolution
- Inform senior management timely of key program updates, milestones, and barriers for program implementation
- Review and validate system and process narratives
- Support GRC tool implementation and workflows.
- Bachelor’s degree in related field or equivalent work experience.
- Five to eight years experience, Public Accounting experience preferred
- Experience with SOC2 reporting engagements, and Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles.
- Ability to effectively communicate and influence senior leadership across various departments within the organization.
- Excellent verbal and written communication and presentation skills.
- Microsoft Office and ability to adapt to ESI proprietary systems.
- Information technology risk management experience and proven ability to meet deadlines.
- Understanding of information risk management concepts.
- Experience leading team members, directing staff priorities and completing reviews to ensure quality work products.
- Ability to adapt in a dynamic work environment, learns quickly, solve problems and make decisions with minimal supervision.
- Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.
ABOUT THE DEPARTMENT
Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you’re as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.
More Information About the Job
Is Relocation Available?
Is there a bonus structure?
Are you open to sponsorship?
This position is:
Is there a possibility to work remote?
Is there equity?
Are there flexible work hours?
Does this position have direct reports?
Who does this position report to?
Director - IT Regulatory Compliance (focus on SOC2)
What are the 3-4 non-negotiable requirements on this position?
Facilitate the implementation of the risk assessment and monitoring framework for SOC2 reporting. Guide staff by reviewing and providing guidance in the development and maintenance of SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams. Ensure control alignment and validation for systems in scope. Provide guidance and best practices for remediating and mitigating controls gaps ensuring sufficient remediation plans and tracking to timely resolution
What are the nice-to-have skills?
Big 4 Accounting background Experience defending a SOC2 Audit
What is exciting about this opportunity? Please use this section to describe team and company culture.
Candidates can work from these locations: Franklin Lakes, NJ Bloomington, MN Sr. Louis, MO New and exiting program at ESI. Will be building this group from the ground up with lots of exposure to senior leadership at ESI. Will be driving change with the organization and it's success. This group is a serious point of focus for ESI.
If an Accepted Candidate independently pursues another position at Express Scripts, no Placement Fee will be due if the Candidate is Hired for the other position, even if Hired within 6 months of Acceptance. Independent pursuit means Express Scripts did not learn about the Candidate or the Candidate did not learn about the other job as a result of either being submitted to this job or from the Scout Search Firm.
Job Status: Full Time