Audit Programs Specialist - Governance, Risk, Compliance

Recruiter: SAS Institute Inc
Location: Sydney, New South Wales, Australia
Salary: Competitive salary
Posted: 27 Jul 2021
Closes: 01 Aug 2021
Ref: 20042340
Job Description

Are you a problem solver, explorer, and knowledge seeker - always asking, "What if?"

If so, then you may be the new team member we're looking for. Because at SAS, your curiosity matters - whether you're developing algorithms, creating customer experiences or answering critical questions. Curiosity is our code, and the opportunities here are endless.

What we do

We're the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence. Our curiosity fuels innovation, pushing boundaries, challenging the status quo and changing the way we live.

What you'll do

We're looking for an Audit Programs Specialist to be responsible for supporting compliance, risk, and security efforts in the Asia Pacific region of SAS. They must be a highly motivated individual with excellent organizational skills and the ability to stay on top of a variety of commitments and deadlines. They must be able to work independently and as part of a team, working across multiple business units, to maintain workload and report on problems or progress in a timely manner.

You will:
  • Plan and lead internal reviews, audits and benchmarking of security policies against regulations and standards (e.g., ISO 27001, NIST 800-53, HIPAA, FedRAMP, GDPR, IRAP, APRA, etc.).
  • Advise on compliance, audit and/or security requirements in association with applicable standards/regulations and/or best practices.
  • Coordinate responses to sales-related RFPs and security questionnaires with legal, sales and IT implementation teams.
  • Advise and assist with risk assessment activities and required remediation based on chosen standard(s) across applicable SAS teams and divisions.
  • Participate in security investigations and compliance reviews, as required by customer requirements or internal or external audits.
  • Operate as a consultant, researching and recommending changes to enhance or streamline quality and information security processes and procedures.
  • Review hosting, security, and audit contract terms and ensure compliance to current policies and processes.
  • Help maintain governance functions under the Information Security Management System and Quality Management System (ISMS/QMS) Board, including security policy and process development and updates.
  • Interface with customer auditors to discuss security or IT hosting operations-related concerns during pre- and post-sales activities, and collect and defend relevant evidence.
  • Effectively communicate, facilitate, present, and train both technical and non-technical small and large audiences, regarding hosting and security requirements and procedures.
  • Must have the ability to work with little supervision, escalating issues, as appropriate.
  • Maintain an ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity.
  • Strong ability to handle multiple projects at the same time and solve complex problems.
  • Perform other duties, as assigned.


What we're looking for
  • Bachelor's degree in Business, IT, Computer Science or related field.
  • 3+ years of functional experience in project management, management consulting, IT, audit/compliance or related field.
  • 2+ years of experience in a regulated industry or working with customers in a regulated industry (i.e. pharmaceutical, banking, insurance, and/or government). This experience may be concurrent with the above functional experience.
  • Understanding of best practices for information security and data privacy practices and processes.
  • Understanding of regulatory standards: SOC 2, FISMA/NIST 800-53, or IRS 1075.
  • Knowledge and experience with best practices/standards: ITIL, COBIT, GAMP5, or ISO 27001.
  • Knowledge of IT or quality auditor procedures and tools (not financial/accounting).
  • You're curious, passionate, authentic and accountable. These are our values and influence everything we do.


The nice to haves
  • Use and/or implementation of a GRC tool (e.g., ServiceNow, Archer, Teammate, Thomson Reuters).
  • Management consulting experience.
  • Experience with ServiceNow issue management ticketing system.
  • Auditor or security certification, such as CISA, IIA or CISSP, or equivalent professional certification and/or training.
  • SAS software implementation or IT hosting experience or prior implementation experience.
  • IT hosting experience.


Why SAS
  • We love living the #SASlife and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference.
  • Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isn't about fitting into our culture, it's about adding to it - and we can't wait to see what you'll bring.


Additional Information:

All valid SAS job openings are located on the Careers page at www.sas.com. SAS only sends emails from verified "sas.com" email addresses and never asks for sensitive, personal information or money. Should you have any doubts about the authenticity of any type of communication from, for, or on behalf of SAS, please contact us at Recruitingsupport@sas.com before taking any further action.
