Job Description

Requisition Id:
REQ20011160

Intake call recording

 POSITION SUMMARY

Working within the  Information Risk Management department, this role will support  governance, risk, and compliance initiatives and perform key day-to-day  activities to help deploy and maintain the SOC2 attestation portfolio.   This individual will be key in influencing and motivating key  stakeholders across the organization to establish the SOC2 reporting  framework and compliance. This individual will provide direction in  control mapping, control gap identification, gap remediation and  mitigation.  This individual will have a strong understanding of the  SOC2 SSAE 18 AICPA reporting standards along with an understanding of  the Security, Availability, Confidentiality, Processing Integrity, and  Privacy Trust Service Principles.

ESSENTIAL FUNCTIONS

  • Facilitate the implementation of the risk assessment and monitoring framework for SOC2 reporting.
  • Guide  staff by reviewing and providing guidance in the development and  maintenance of SOC2 scoping documentation including system  understanding, process flows, and system infrastructure diagrams.
  • Ensure control alignment and validation for systems in scope.
  • Provide  guidance and best practices for remediating and mitigating controls  gaps ensuring sufficient remediation plans and tracking to timely  resolution
  • Inform senior management timely of key program updates, milestones, and barriers for program implementation
  • Review and validate system and process narratives
  • Support GRC tool implementation and workflows.

QUALIFICATIONS

  • Bachelor’s degree in related field or equivalent work experience.
  • Five to eight years experience, Public Accounting experience preferred
  • Experience  with SOC2 reporting engagements, and Security, Availability,  Confidentiality, Privacy, and Processing Integrity Trust Service  Principles.
  • Ability to effectively communicate and influence senior leadership across various departments within the organization.
  • Excellent verbal and written communication and presentation skills.
  • Microsoft Office and ability to adapt to ESI proprietary systems.
  • Information technology risk management experience and proven ability to meet deadlines.
  • Understanding of information risk management concepts.
  • Experience leading team members, directing staff priorities and completing reviews to ensure quality work products.
  • Ability to adapt in a dynamic work environment, learns quickly, solve problems and make decisions with minimal supervision.
  • Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.

ABOUT THE DEPARTMENT

Do  you enjoy the challenge of defending an enterprise from security  breaches? Come put your skills to work at an organization trusted to  protect client, patient and company data amid the ever-changing  landscape of information security threats and risks. Our cyber defenders  are challenged and trusted with maintaining our secure infrastructure  day in and day out, while delivering an enterprise computing environment  that is resilient to breaches and disruptions. If you’re as passionate  about data security as we are and want to be at the center of our noble  mission to make healthcare safer and more affordable, explore our  opportunities.

 

More Information About the Job

Is Relocation Available?
Yes, nationwide

Is there a bonus structure?
15%

Are you open to sponsorship?
No

This position is:
New Position

Is there a possibility to work remote?
No

Is there equity?
Yes

Are there flexible work hours?
Yes

Does this position have direct reports?
No

Who does this position report to?
Director - IT Regulatory Compliance (focus on SOC2)

What are the 3-4 non-negotiable requirements on this position?
Facilitate the implementation of the risk assessment and monitoring framework for SOC2 reporting. Guide staff by reviewing and providing guidance in the development and maintenance of SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams. Ensure control alignment and validation for systems in scope. Provide guidance and best practices for remediating and mitigating controls gaps ensuring sufficient remediation plans and tracking to timely resolution

What are the nice-to-have skills?
Big 4 Accounting background Experience defending a SOC2 Audit

What is exciting about this opportunity? Please use this section to describe team and company culture.
Candidates can work from these locations: Franklin Lakes, NJ Bloomington, MN Sr. Louis, MO New and exiting program at ESI. Will be building this group from the ground up with lots of exposure to senior leadership at ESI. Will be driving change with the organization and it's success. This group is a serious point of focus for ESI.

 

If an Accepted Candidate independently pursues another position at Express Scripts, no Placement Fee will be due if the Candidate is Hired for the other position, even if Hired within 6 months of Acceptance. Independent pursuit means Express Scripts did not learn about the Candidate or the Candidate did not learn about the other job as a result of either being submitted to this job or from the Scout Search Firm.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online