Sr Security Compliance Analyst
Working within the Information Risk Management department, the SOC2 Senior Analyst will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain the SOC2 attestation portfolio. This individual will help create and maintain risk assessments to facilitate scoping and defining boundaries of the system. This individual will facilitate control mapping, control gap identification, gap remediation and mitigation. This individual will assist in ensuring compliance to SOC2 SSAE 18 AICPA reporting standards along with an understanding of the Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles.
- Develop and maintain SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams.
- Perform control alignment validation
- Facilitate in identifying controls gaps ensuring sufficient remediation plans and tracking to timely resolution
- Provide information for status reports and support stakeholder communications.
- Facilitate system and control understanding walkthrough meetings
- Update and maintain system and process narratives
- Support GRC tool implementation and workflows.
- Bachelor’s degree in related field or equivalent work experience.
- Three to five years experience, Public Accounting experience preferred.
- Experience with SOC2 reporting engagements, and Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles.
- Microsoft Office and ability to adapt to ESI proprietary systems.
- Information technology risk management experience and proven ability to meet deadlines.
- Understanding of information risk management concepts.
- Ability to adapt in a dynamic work environment, learns quickly, solve problems, and make decisions with minimal supervision.
- Excellent verbal and written communication and presentation skills.
- Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.
- Ability to develop process documentation.
- ABOUT THE DEPARTMENTDo you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you’re as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.
- ABOUT EXPRESS SCRIPTS Advance your career with the company that makes it easier for people to choose better health.Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the "Most Admired Companies" in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan.
More Information About the Job
Is Relocation Available?
Is there a bonus structure?
Are you open to sponsorship?
This position is:
Is there a possibility to work remote?
Is there equity?
Are there flexible work hours?
Does this position have direct reports?
Who does this position report to?
Director - IT Regulatory Compliance (SOC2 focus)
What are the 3-4 non-negotiable requirements on this position?
Develop and maintain SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams. Perform control alignment validation Facilitate in identifying controls gaps ensuring sufficient remediation plans and tracking to timely resolution Provide information for status reports and support stakeholder communications. Facilitate system and control understanding walkthrough meetings
What are the nice-to-have skills?
Big4 (or second tier) public accounting experience
What is exciting about this opportunity? Please use this section to describe team and company culture.
Candidates can work from these locations: Franklin Lakes, NJ Bloomington, MN Sr. Louis, MO New and exiting program at ESI. Will be building this group from the ground up with lots of exposure to senior leadership at ESI. Will be driving change with the organization and it's success. This group is a serious point of focus for ESI.
If an Accepted Candidate independently pursues another position at Express Scripts, no Placement Fee will be due if the Candidate is Hired for the other position, even if Hired within 6 months of Acceptance. Independent pursuit means Express Scripts did not learn about the Candidate or the Candidate did not learn about the other job as a result of either being submitted to this job or from the Scout Search Firm.
Job Status: Full Time