ZS is the world’s largest consulting firm focused exclusively on helping companies improve overall performance and grow revenue and market share, through end-to-end sales and marketing solutions – from customer insights and strategy to analytics, operations and technology. From our worldwide offices, ZS experts draw on deep industry and domain expertise to help companies make smarter decisions quickly and cost effectively. We are particularly known for our strong presence in the pharmaceutical and health care sectors, yet work across a range of industries.
ZS's Corporate Support teams operate the firm's core internal enterprise functions. Our global teams comprise team-oriented, pragmatic and results-driven people who thrive in a challenging work environment. Our people come from diverse backgrounds, but share a passion for quality customer service and dedication - whether our customer is a client or another ZS employee.
Information Technology provides products and services to ZS to ensure successful business outcomes. IT provides internal information technology solutions and support for ZS, including custom enterprise Web and ERP applications, IT infrastructure and technology support.
SENIOR COMPLIANCE AND AUDIT ASSOCIATE
We are currently seeking applicants for the position of Senior Compliance and Audit Associate to join our US IT Compliance and Audit team. The position will support various management-directed IT internal audit and compliance initiatives, which include ongoing monitoring of the quality of operations of our Software as a Service (SaaS) products and solutions and business line offerings with ZS mandated standards, policies and procedures. Qualified candidates will possess the skills detailed below and relevant work experience. Please note, this position is not client facing and does not require travel to client sites, unless specifically directed by management. This position may require travel to other ZS offices to assist with audits, as directed.
- Assist with the planning and execution of IT audit projects designed to provide assessment of internal control processes in accordance with ZS’s IT policies, data security and privacy practices and legally binding contractual obligations and commitments to its clients.
- Perform IT risk assessments and third party cloud vendor security and privacy risk assessments.
- Assist with the preparation of detailed plans for performing individual audits including identification of key risks and controls, determination of audit objectives, and development of an appropriate audit program.
- Assist with the preparation and review of audit work papers and reports documenting the results of reviews of assigned activities and recommended management action.
- Assist with the planning and coordination of all audits of ZS’s data security and privacy environment by ZS’s clients.
- Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry IT trends to help with the identification of potential issues and risks.
- Participate in reviews of internal controls and security of systems under development as needed.
- Liaise with internal and external stakeholders to ensure IT compliance related documentation is kept up to date with ZS’s compliance requirements, obligations and commitments, as needs evolve.
- Liaise with appropriate stakeholders including IT, Legal, HR, Finance and others, as needed, to ensure that compliance requirements are incorporated into ZS configured compliance workflow management tools.
- Assist with monitoring of ongoing organizational compliance with IT change management, logical and physical access, IT operations and other control procedures, as deemed necessary by management from time to time.
- Actively maintain findings and remediation recommendation registers. Track remediation activities to completion.
- Document and assist with the review of documented IT policies and procedures (e.g. IT change management, logical and physical access processes, data backups and restoration, disaster recovery processes).
- Assist with responding to client-driven RFPs, RFIs, and external security and privacy audits and questionnaires, as requested by management.
- Develop appropriate IT compliance training material and conduct training of impacted stakeholders, as needed.
- Assist with other IT audit and compliance related initiatives and special projects as assigned from time to time.
- BS/BA in Management Information Systems (MIS), computer science or related field with record of high academic achievement required;
- At least 3 years of experience performing IT audits, end to end, including the documentation of audit plans, audit test scripts, audit narratives, test results, findings and remediation recommendation listings;
- At least 1 year of experience supervising IT audit engagement lifecycles (e.g. US SOX, US SOC1 & SOC2 audits) with some oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement;
- Corporate or consulting firm IT audit/assurance engagement experience required. Big 4 IT assurance/public accounting firm experience, while not required, is strongly preferred;
- Certified, or eager to become certified while working at ZS, in one of the following IT audit related certifications (e.g. CISA, CISSP, CRISC, ISO27001 Lead Auditor).
- Experience maintaining risk and control registers, audit plans, findings and remediation recommendation registers;
- Experience documenting IT policies and procedures (e.g. IT change management, logical and physical access, data backups and restoration processes);
- Experience with use of collaboration tools (e.g. SharePoint Online or other GRC like tools) for reporting purposes is strongly preferred;
- Demonstrated ability to work independently and as part of cross office teams (e.g. India). Experience with reviewing the work of others (e.g. staff auditors) highly preferred;
- Excellent communication and organizational skills – preferably with international exposure;
- Excellent command of the English language, verbal and written; experience writing IT audit narratives and reports required;
- Ability and willingness to work hours which overlap with International time zones (e.g. India Time zone);
- Ability and willingness to travel to other ZS offices, as needed, to assist with compliance and audit engagements.
Technical expectations include:
- Basic working knowledge of web based applications, operating systems and databases including Windows Active Directory, Linux, Microsoft SQL and Oracle;
- Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, Access, SharePoint). Advanced Excel and Access database skills strongly preferred;
- Working knowledge of various control frameworks including:
  - COBIT – Control Objectives for Information and Related Technology
  - ISO/IEC 27001:2013 – Code of Practice for Information Security Management
  - NIST SP 800-53
  - HIPAA/HITECH Security and Privacy Audit Protocol
  - Shared Assessments Standard Information Gathering (SIG) framework
- Basic working knowledge of various laws directly or indirectly impacting data security and privacy requirements worldwide including:
  - US SOX – Sarbanes Oxley Act
  - US HIPAA/HITECH Act
  - EU GDPR – General Data Protection Regulation
  - US EU Privacy Shield
  - India IT Act (data privacy provisions)
  - India Companies Act
ZS is a global consulting firm; fluency in English is required, additional fluency in at least one European or Asian language is desirable. Candidates must possess work authorization for their intended country of employment. An on-line application, including a cover letter expressing interest and a full set of transcripts (official or unofficial), is required to be considered.
ZS offers a competitive compensation package with salary and bonus incentives, complete medical/dental/life insurance programs and 401k. We are an Equal Opportunity Employer.
NO AGENCY CALLS, PLEASE.
210 Carnegie Center, Suite 400, Princeton, New Jersey 08540 USA
T | +1 609 419 4518 M | +1 224 714 7118
ZS Impact where it matters.