The opportunity:
OpenText is seeking a highly motivated, collaborative, technically experienced and well-organized IT Audit Compliance Analyst for IT Compliance (ITC) with the ability to understand various compliance requirements, effectively interpret and communicate the requirements to internal teams, and lead efforts to produce actionable plans to meet the compliance requirements.
The ITC team, part of Global Information Security (GIS), is currently focused on, but not limited to, SOC1, SOC2, PCI, HIPAA, ISO 27001 and SOX.
In this role, you will be involved in managing and sustaining the various compliance programs by working collaboratively with internal teams, SMEs, external customers, vendors, auditors and other stakeholders.
You are great at:
Coordinates the overarching annual audit plan with internal and external auditors to support delivery of multiple, simultaneous audits and certifications (both new and existing) within the OpenText portfolio.
Responsible for the delivery of audit milestones, keeping audit timelines on target by identifying and escalating roadblocks.
Collaborates cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of compliance readiness and audit execution.
Participates in, or potentially leads, gap assessment, compliance readiness, and compliance monitoring activities.
Interfaces with internal and external auditors for periodic audit activities.
Conducts various IT Compliance controls validation and implementation activities.
Collaborates with technology and business stakeholders along with other Compliance team members to facilitate remediation and execution of corrective action plans.
Participates in continuous improvement initiatives.
Develops metrics and dashboards for reporting on assigned compliance programs.
Provides coaching and mentorship to more junior team members.
Provides input into industry best practices for managing compliance in today’s landscape.
What it takes:
5+ years of experience in IT audit and/or compliance, with a concentration on leading multiple, simultaneous audit engagements for a Cloud Service Provider, encompassing multiple frameworks.
Experience leading and/or managing the entire audit lifecycle of a certification program for at least two of the following: ISO 27001, PCI, HIPAA/HITRUST, SOC 1/2, SOX, FedRAMP.
Familiarity with Information Security principles and knowledge of IT processes (e.g. Change Management, Incident Management, Risk Management, Network and System Administration).
Bachelor’s Degree in Information Technology, Business or related vocations.
Big four audit firm experience a plus.
Experience with GRC Tools is a plus.
Industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor) a plus.
Strong technical, analytical, interpersonal, communication and writing skills.
Ability to work both independently and within a global team environment.
Self-starter and quick learner with proactive problem-solving skills.
Effective organization, follow-up and time management skills.
Demonstrated strength in working in a high change environment.
Ability to develop and foster strong relationships with technology and business stakeholders.
Effective team collaboration plus the ability to coach and mentor others.
Strong personal characteristics as demonstrated by the following: achievement-oriented, self-controlled, self-confident, flexible, approachable, and dedicated.