Manager, Governance, Risk, Compliance - Audit
SAS Institute
- Cary, NC
- Permanent
- Full-time
- Maintain an understanding of compliance requirements, standards, guidance, and interpretations and/or best practices, including NIST 800-53, HIPAA, FedRAMP, IRS 1075, ISO 27001.
- Manage benchmark program of security practices against applicable regulations and standards (for ex: ISO 27001, HIPAA, IRS 1075, NIST 800-53, FedRAMP).
- Responsible for the delivery and maintenance of compliance documentation provided to government sector customers, such as System Security Plans, Plans of Action and Milestones (POA&M), and Continuous Monitoring Plans.
- Manage the team performing issue remediation tasks in response to audit findings, specifically the Plan of Action and Milestones (POA&M) delivered to the government customer.
- Interface with customer sponsors and customer auditors to discuss security or IT hosting operations-related concerns during pre- and post-sales activities, and collect and defend relevant evidence.
- Interface with regulators and external assessors to describe applicable security or IT hosting operations controls in order to obtain and maintain external certification.
- Operate as a consultant and a leader, recommending changes to enhance security processes.
- Work with other information security teams globally, helping to provide a consistent approach to governance and compliance activities.
- Effectively communicate, facilitate, present, and train both technical and non-technical small and large audiences, regarding SAS Cloud and security requirements and procedures.
- Use the GRC tool to manage the compliance profile, including managing continuous monitoring indicators, building reporting dashboards, and tracking issue remediation.
- Provide thought leadership regarding compliance, audit and/or security requirements within regulated markets (heavily focused on government sector requirements).
- Participate in security investigations and compliance reviews, as required by contract or regulation.
- Provide final review of security contract terms and ensure alignment to policies and processes.
- Interface with customer attorneys and security officers to discuss and negotiate security or SAS Cloud operations-related concerns during pre- and post-sales activities.
- Provide final review of responses to RFP and security questionnaires.
- Continuously improve the Information Security Management System (ISMS) / Quality Management System (QMS), including SAS security policy and process development and updates, while ensuring compliance with regulations and guidance.
- Identify and recommend cost-effective improvements to security practices while maintaining compliance with required standards and regulations.
- Bachelor's degree in Business, IT, Computer Science, Project Management or related field
- 4-8 years of functional experience in project management, management consulting, IT, audit/compliance or related field.
- Experience in a regulated (specifically, government) industry (may be concurrent with the above functional experience).
- Understanding of regulatory standards (ex: FedRAMP, NIST 800-53, IRS 1075, CJIS, HIPAA).
- Knowledge and experience with best practices/standards (ex: COBIT, GAMP5, ISO 27001).
- US Citizenship required
- You’re curious, passionate, authentic and accountable. These are our values and influence everything we do.
- Use and/or implementation of a GRC tool (ex: ServiceNow, Archer, TeamMate, Thomson Reuters)
- Management consulting experience
- Experience with ServiceNow issue management ticketing system
- Auditor or security certification (ex: CISA, IIA, CISSP) and/or training
- SAS software implementation experience or IT hosting experience
- Comprehensive medical, prescription, dental and vision plans.
- Medical plan options include:
  - PPO with low annual deductible and copays.
  - HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
- Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There’s a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
- An industry-leading 401k plan.
- Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
- Volunteer Time Off, parental leave and unlimited paid sick days.
- Generous childcare benefits for all full-time employees.