Audit & Compliance Associate

ZS is a professional services firm that works side by side with companies to help develop and deliver products that drive customer value and company results. From R&D to portfolio strategy, customer insights, marketing and sales strategy, operations and technology, we leverage our deep industry expertise and leading-edge analytics to create solutions that work in the real world. Our most valuable asset is our people—a fact that’s reflected in our values-driven organization in which new perspectives are integral and new ideas are celebrated. ZSers are passionately committed to helping companies and their customers thrive in industries ranging from healthcare and life sciences, to high-tech, financial services, travel and transportation, and beyond.

ZS’s India Capability & Expertise Center (CEC) houses more than 60% of ZS people across three offices in New Delhi, Pune and Bengaluru. Our teams work with colleagues across North America, Europe and East Asia to create and deliver real world solutions to the clients who drive our business. The CEC maintains standards of analytical, operational and technological excellence across our capability groups. Together, our collective knowledge enables each ZS team to deliver superior results to our clients.

ZS IT Support teams are aligned with the company’s business strategy and operating model and aims to provide its 4000 plus employees and their clients the right tools and information for high performance. The IT organization focuses on providing products and services to ZS to ensure successful business outcomes. This involves providing a scalable, sustainable and reliable IT infrastructure, customized applications, messaging and collaboration products, Business Intelligence and Database administration support along with a reliable 24*7 uninterrupted high-quality technology support services.

Audit & Compliance Associate

We seek a Audit & Compliance Associate to join our Pune, India office. As a member of the ZS Software as a Service (SaaS) Hosting Team, the Information Security and Compliance Associate Consultant will perform (and participate in) the planning, execution, and reporting on technology infrastructure and application security and compliance audits in support of various internal compliance requirements and initiatives as well as client directed compliance mandates.

Responsibilities:

• Perform audits in accordance with the plan based on various control frameworks and standards;
• Establish, monitor, document, and update compliance controls and findings;
• Create remediation plans based on findings and initiate projects, as necessary, in order to meet commitments made within remediation plans;
• Participate in client directed audit and compliance initiatives, including but not limited to, SAS 70 (SSAE 16) audits, client SOX audit assistance requests and Vendor Data Security and Privacy assessments;
• Develop and update IT Policies, process maps, templates and supporting change management tools, as often as needed;
• Assist in the development of training material in support of IT Policy adoption enterprise wide; participate in compliance training workshops, as needed;
• Monitor compliance with existing IT Policies and supporting tools;
• Liaison with ZS Client Teams and the ZS SaaS Hosting Team Manager to ensure that all mutually agreed upon business operations SLAs are met;
• Plan and participate in DR planning and testing;
• Assist with vendor review and selection in support of on-going internal and client directed compliance initiatives;
• Assist the Legal team with the review of client contracts as it relates to technology specific compliance requirements;
• Assist the Legal team with the interpretation of various US and EU laws and technical compliance directives and determine potential impact to the organization.
• Assist with the completion of client RFPs and RFIs as it relates to compliance;
• Work with IT, consulting, SD Group and legal teams on compliance standards;
• Security and compliance projects as assigned.

Qualifications:

• BS/BA with record of high academic achievement in CS/MIS
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CGEIT (Certified in the Governance of Enterprise IT) or CRISC (Certified in Risk and Information Systems Control)
• MCSA (Microsoft Certified Systems Administrator) or MCSE (Microsoft Certified Systems Engineer)
• Eagerness to contribute in a team-oriented environment
• Ability to work methodically and analytically in a quantitative problem-solving environment
• Excellent leadership, communication, and organizational skills
• Strong customer service skills

Technical Qualifications:

· 2 years of information systems experience with audit planning, risk assessment, and reporting/documentation

· Hardware, software, and networking information technologies

· IT security, controls, practices, and procedures

· Working knowledge of various control frameworks including:

o COBIT – Control Objectives for Information and Related Technology

o ISO/IEC 27002:2005 – Code of Practice for Information Security Management

o ITIL – Information Technology Infrastructure Library

o SOX – Sarbanes-Oxley

o HIPAA HITECH – Health Insurance Portability and Accountability

o PCI DSS – Payment Card Industry Data Security Standard

o SAS 70 – Statement of Auditing Standards No. 70

o SSAE 16 – Statement on Standards for Attestation Engagements

o ISAE 3402 – International Standard for Assurance Engagements

o NIST – National Institute of Standards and Technology

o Disaster Recovery planning and testing