The IT Compliance Lead is responsible for compliance with SOX and internal IT policies. This position will execute the planning and performance of assessments across various compliance areas, while working directly with the technical and business leadership to select, deploy and validate IT controls to ensure compliance requirements are maintained. Compliance reviews could consist of IT General Controls as well as selected application or special project reviews. Reviews can also cover areas such as application controls, logical access controls for applications, operating systems and databases, backup and recovery procedures, change controls, pre- and post-deployment assessments, user administration, perimeter security and selected configuration management controls on technical platforms such as VPNs, VMware, Windows Server 20XX, AIX-UNIX, Linux and Cisco firewalls. The Lead Analyst will assist with oversight of junior staff and external consultants to ensure that timeline and deliverable requirements are met.
Job responsibilities/Essential Functions, including but not limited to the following:
Completes individual assignments or leads teams in initiatives as assigned by the Sr. Manager.
Assist in managing the planning, designing, writing, and finalization of policies, control framework and procedures.
Responsible for the monitoring of overall adherence to the IT controls through regularly scheduled reviews of in-scope technical areas.
Experience performing risk and compliance assessments and in-depth knowledge of industry standards and regulatory requirements (e.g., HIPAA, SOX, FISMA, NIST, ISO 2700X, COBIT, FFIEC, NERC CIP, etc.)
Ensures compliance with contractual requirements that are usually based on NERC/CIP, ISO 27001, COBIT, NIST 800-53 etc.
Performs assessments of third-party service providers, including cloud services such as IaaS, PaaS, and SaaS, for adherence to best practices or known frameworks like COBIT, ISO 27001/27002 etc.
Review and provide guidance from a compliance perspective across areas such as application controls, logical access controls for applications, operating systems and databases, backup and recovery procedures, change controls, pre- and post-deployment assessments, user administration, perimeter security, network/application architecture and selected configuration management controls on technical platforms such as VPNs, VMware, Windows Server 20XX, AIX-UNIX, Linux and Cisco firewalls.
Work with IT to close issues through oversight and review of remediation plans and accompanying evidence.
Stays up-to-date on changes to technology, internal policy and standards, and relevant regulatory programs, and evaluates potential impacts on the risk and controls and suggests modifications to IT control framework.
Assist in managing, training, coaching and developing junior staff and/or external consultants to ensure that timeline and deliverable requirements are met.
Leads large and/or multiple projects with assigned resources.
Engage with IT and/or Accounting control owners, including management, to review audit testing results and influence decisions.
Work with the manager and other team members to identify opportunities for improvement or gaps in existing processes. Takes initiative to develop new approaches and tools.
4 year degree in MIS, Information Systems, Computer Science, Engineering or Accounting
MS or MBA preferred
At least 1 certification required from CISA, CIA, CPA, CISM, CISSP, MCP, MCSE, CCNA; other certifications applicable to the job are desired
Required Professional Experience:
6-8 years in IT Compliance, IT Audit, IT Security or IT related field
Not required but Spanish would be nice
Self-starter who is able to work independently while supporting the needs of the team
Excellent oral and written communication skills
Strong decision making skills
Comfortable interacting with all levels of management
General knowledge of the audit and control of operating systems – Windows, OS400 and Linux/UNIX given preference
General knowledge of the audit and control of databases – SQL and Oracle given preference
Knowledge of the audit and control of ERP applications with a strong preference for JD Edwards, Timberline, Spectrum and, if possible, Explorer and COINS
Nice to haves – understanding of virtualization, networking and Active Directory
40% – 50%
Employer does not assist with relocation costs.
About Quanta Services
Quanta Services (NYSE: PWR) is a full service engineering, procurement and construction (EPC) service provider based in Houston, Texas. Quanta was built on the vision of becoming the single-source solution to an array of complex market needs. This vision has allowed Quanta to acquire the best companies in the industry and become the leading integrated solutions provider serving the electric power and oil and gas infrastructure markets.
• Power Plants
• Specialty Services
• Renewable Power – Wind, Solar, etc.
Oil and Gas Contractor
• Pipeline Construction
• Integrity Solutions
• Facilities Construction
• Offshore and Upstream Services
• Trucking/Logistics Field Services
• Engineering Services
• Tank Construction
• Power Plant Construction
• HDD (Horizontal Directional Drilling)
• Industrial Engineering and Construction
Part of what sets Quanta Services apart is the strength of our people. We have over 26,000 employees and are in all 50 states and more than 15 countries. In each and every office we employ the best and brightest and spend the time to properly train all employees in safety and Quanta procedures so that we can continue to be the safest and most innovative specialty contractor.
• #352 2015 Fortune 500 List
• #1 2015 Engineering News Record Specialty Contractor
• #1 2015 Largest Transmission and Distribution Contractor in North America
• #1 2015 Largest Pipeline Contractor in North America
• #4 2015 Forbes Most Trustworthy Large Cap Companies
• #7 2016 Fleet Owners Top Truck Fleets in the U.S.
• #32 2015 Solar Power World Contractor Ranking
Quanta is now comprised of over 60 Operating Units throughout North America, Latin America and Australia.
This morning current and former Quanta executives rang the opening bell at the exchange in New York City to commemorate Quanta’s 20 year listing anniversary.
Electric Power Infrastructure Services, Energy Services, Oil & Gas Services, Engineering, Procurement, Construction, Power Generation, Emergency Restoration, and Energized Services