Lead Business Technology Analyst
Thomson Reuters
- India
- Permanent
- Full-time
- Give recommendations and actively participate in defining the annual control testing and regulatory assessment scope to be completed using TR’s control framework and reporting and completing assigned control validation activities.
- Be a subject matter expert for governance over control testing activities by working collaboratively and providing awareness to stakeholders as required.
- Guide other team members on approach and steps to be followed when finalizing control population, sampling, re-testing, exception reporting and tracking requirements, reviewing work papers, the evidence submitted, finalizing remediation plans, etc.
- Provide technical or compliance advice to teams/people responsible for programs, software, and information systems security.
- Contribute to test one, cover many requirements approach and align with the long-term vision of automation of audit/testing.
- Be asked to lead compliance or security projects / teams to achieve milestones and objectives on complex initiatives.
- Come up with ideas to tackle a scenario, project or ad-hoc request and execute with minimal guidance.
- Work independently on multiple initiatives simultaneously, and act decisively and with a high degree of autonomy.
- Exhibit willingness and drive to learn continuously and approach change with openness.
- Have a creative and diplomatic approach to solving problems while being customer driven.
You are a fit for the role of Lead, Compliance Program Technical Auditor, if your background includes:
- Bachelor's degree in IT, Accounting or equivalent education and experience.
- At least 5+ years of relevant work experience in SoX, ITGC, PCI within Audit, Big 5, consulting firms or as line 1a or 1b completing IT-IS control testing or working within a Governance or Compliance function across Financial Services organisations.
- One of these certifications in order of preference is essential CISA, CISSP, CCAK, CISM, CRISC.
- Strong ethical principles and understanding of business and IS ethics.
- Working knowledge of common security vulnerabilities of web and cloud applications and operating techniques from sources such as SANS, OWASP Top 10 and Cloud Security Alliance (CSA). Experience in testing Cloud controls and related technologies will be preferred.
- Excellent oral and written communication skills in English. Additional expertise in French, Spanish or another language will be an asset.
- Experience working with GRC platforms like ServiceNow, ProcessUnity, RSA Archer, MetricStream and like.