At SAS, where you start doesn’t have to be where you end; and there is ample opportunity for internal career mobility. Whether you’re looking to grow a new skill or experience a new role, there’s no time like the present to take the next step; and we’re here to support you in your journey.We’re looking for a Governance, Risk, Compliance – Audit Security Advisor to join our team in Australia, specifically focused on Compliance in Government. The role will assess information security and cybersecurity risk, facilitate compliance with regulatory requirements and information security policies, execute assurance testing to required performance standards, and develop and report information security metrics. They are responsible for lowering information security and cybersecurity risk to SAS, partnering with other teams across the enterprise.Your responsibilities may include:
- While remaining updated of compliance and security regulations and standards within regulated markets for ex: IRAP, ISMAP, ISAE 3000, and/or ISO 27001), provide advisory services to the business, including recommendations for assurance and application of SAS security policies for SAS Cloud, on-premises projects, and country or regional offices.
- Review SAS Cloud or on-premises security contract terms, respond to RFP and security questionnaires, and support information security-related discussions with customer security teams and auditors during negotiations and post-sale operational activities.
- Facilitate and ensure continuous monitoring activities are operating effectively, identifying control gaps and deficiencies and reporting to management, as applicable.
- Assist in the development System Security Plans, Plans of Actions and Milestones, Continuous Monitoring Plans, and Incident Response Plans in collaboration with other teams.
- Conduct scheduled and ad hoc reviews of applicable SAS Cloud solution environments, including the support and management of external assessor activities related to certifications and customer contractual requirements.
- Research and contribute to information security polices and standards, with the objective of continually maturing operations, while meeting regulatory and compliance obligations.
- Participate in security investigations and compliance reviews, as required by contract or regulation.
- Identify and recommend cost effective improvements to security practices while maintaining compliance to required standards and regulations.
- Use the GRC tool to create and manage continuous monitoring indicators, build reporting dashboards, document electronic work papers, and manage audit documentation.
- Identify risk issues and work in collaboration with other teams across the enterprise to remediate.
- Maintain an ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity.
- Strong time management skills (schedules, prioritization).
- Excellent communication, analysis, and process flow skills.
- Ability to be flexible, display tact and diplomacy, and maintain confidentiality and integrity.
- Must have the ability to work with little supervision, escalating issues, as appropriate.
- Perform other duties, as assigned.
- Travel as business requirements dictate at management discretion.
- Bachelor's degree in Business, IT, Computer Science, Project Management or related field
- 5-8+ years of functional experience in project management, management consulting, IT, audit/compliance or related field.
- Experience in a regulated (pharmaceutical, banking, insurance, government) industry (may be concurrent with the above functional experience).
- Understanding of regulatory standards (ex: IRAP, PMDA, PCI, NIST 800-53).
- Knowledge and experience with best practices/standards (ex: COBIT, GAMP5, ISO 27000 or 42000).
- Must be an Australian citizen
- Successful applicants will be required to complete a background check (including criminal history check) prior to commencement of employment.
- Use and/or implementation of a GRC tool (ex: ServiceNow, Archer, Teammate, Thompson Reuters)
- Management consulting experience
- Experience with ServiceNow issue management ticketing system
- Auditor or security certification (ex: CISA, IIA, CISSP) and/or training
- SAS software implementation experience or IT hosting experience