Quanta Services

  • Lead IT Compliance Analyst

    Job Location: US-TX-Houston
    Requisition ID: 2017-1464
    # of Openings: 1
    Category: Information Technology
  • Overview

    The IT Compliance Lead is responsible for compliance with SOX and internal IT policies. This position will execute the planning and performance of assessments across various compliance areas, while working directly with the technical and business leadership to select, deploy and validate IT controls to ensure compliance requirements are maintained. Compliance reviews could consist of IT General Controls as well as selected application or special project reviews. Reviews can also cover areas such as application controls, logical access controls for applications, operating systems and databases, backup and recovery procedures, change controls, pre- and post-deployment assessments, user administration, perimeter security and selected configuration management controls on technical platforms such as VPNs, VMWare, Windows Server 20XX, AIX-UNIX, Linux and Cisco firewalls. The Lead Analyst will assist with oversight of junior staff and external consultants to ensure that timeline and deliverable requirements are met.

    Responsibilities

    Job responsibilities/Essential Functions, including but not limited to the following:

    • Completes individual assignments or leads teams in initiatives as assigned by the Sr. Manager.
    • Assist in managing the planning, designing, writing, and finalization of policies, control framework and procedures.
    • Responsible for the monitoring of overall adherence to the IT controls through regularly scheduled reviews of in-scope technical areas.
    • Experience performing risk and compliance assessments and in-depth knowledge of industry standards and regulatory requirements (e.g., HIPAA, SOX, FISMA, NIST, ISO 2700X, COBIT, FFIEC, NERC CIP, etc.)
    • Ensures compliance with contractual requirements that are usually based on NERC/CIP, ISO 27001, COBIT, NIST 800-53, etc.
    • Performs assessments of third-party service providers, including cloud services such as IaaS, PaaS, and SaaS, etc., for adherence to best practices or known frameworks like COBIT, ISO 27001/27002, etc.
    • Review and provide guidance from a compliance perspective across areas such as application controls, logical access controls for applications, operating systems and databases, backup and recovery procedures, change controls, pre- and post-deployment assessments, user administration, perimeter security, network/application architecture and selected configuration management controls on technical platforms such as VPNs, VMWare, Windows Server 20XX, AIX-UNIX, Linux and Cisco firewalls.
    • Work with IT to close issues through oversight and review of remediation plans and accompanying evidence.
    • Stays up-to-date on changes to technology, internal policy and standards, and relevant regulatory programs, and evaluates potential impacts on the risk and controls and suggests modifications to IT control framework.
    • Assist in managing, training, coaching and developing junior staff and/or external consultants to ensure that timeline and deliverable requirements are met.
    • Leads large and/or multiple projects with assigned resources.
    • Engage with IT and/or Accounting control owners, including management, to review audit testing results and influence decisions.
    • Work with the manager and other team members to identify opportunities for improvement or gaps in existing processes. Takes initiative to develop new approaches and tools.

    Qualifications

    Preferred Education:

    • 4-year degree in MIS, Information Systems, Computer Science, Engineering or Accounting; MS or MBA preferred

    Required/Preferred Certifications:

    • CISA, CIA, CPA, CISM, CISSP, MCP, MCSE, CCNA: at least 1 certification required, or other certifications applicable to the job are desired

    Required Professional Experience:

    • 6-8 years in IT Compliance, IT Audit, IT Security or IT related field

    Required Languages:

    • Not required but Spanish would be nice

    Required Competencies:

    • Self-starter who is able to work independently while supporting the needs of the team
    • Excellent oral and written communication skills
    • Strong decision making skills
    • Comfortable interacting with all levels of management

    Knowledge/Skills:

    • General knowledge of the audit and control of operating systems – Windows, OS400 and Linux/UNIX given preference
    • General knowledge of the audit and control of databases – SQL and Oracle given preference
    • Knowledge of the audit and control of ERP applications, with a strong preference for JD Edwards, Timberline, Spectrum and, if possible, Explorer and COINS
    • Nice to haves – understanding of virtualization, networking and Active Directory

    Travel Requirements:

    • 40% – 50%
