Sr. Analyst NA IT Compliance

Philadelphia, PA, United States

Chubb

Chubb insurance products and services in Germany


KEY OBJECTIVE

The objective of this position is to evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of information systems. The position will direct the execution of an annual SOX attestation, customer-driven audits, and other regulatory audits performed by external auditors. Audits cover areas such as infrastructure, cloud, information security, computer operations, application development, operating systems, databases, network access, change management, user administration and segregation of duties. The position also assists IT control owners with control design, standards and opportunities for efficiencies as they relate to CHUBB’s Global IT Compliance Program and SOX 404 requirements. The position will facilitate and manage audit plans, resource planning, risk assessments, and report preparations. The position will have direct contact with key external customers and respond independently to customer inquiries about the adequacy of our internal controls. This role will proactively identify control gaps in advance of auditors and facilitate the development and implementation of remediation actions based on practical solutions and sound risk management. This position reports to the AVP, Leader of SOX Compliance, NA.

 

MAJOR DUTIES & RESPONSIBILITIES
  • Strategically manage special projects and initiatives to identify, implement and monitor process improvement opportunities.
  • Provide subject matter expertise and consultative support to the IT community pertaining to control documentation, testing, audit standards and Sarbanes Oxley requirements.
  • Identify and recommend opportunities to improve the effectiveness and efficiencies of compliance activities and IT key controls.
  • Participate in audit closing meetings to discuss audit issues, improvement opportunities and control deficiency resolutions.
  • Guide management in the creation of management action plans that result from an audit.
  • Track remediation plans to ensure IT Management is on track for any audit remediation commitments and that they are addressed in a timely manner.
  • Clearly communicate IT control issues formally and informally to all levels of management.
  • Evaluate and recommend opportunities to maximize the efficiency and effectiveness of audit activities.
  • Facilitate risk and financial impact assessments over audit related deficiencies.
  • Perform quality control assessment over testing performed by IT management.
  • Perform and facilitate periodic SOX control executions on behalf of IT management.
  • Represent CHUBB IT on compliance related matters with business customers, vendors, and auditors.
  • Participate in other special projects as required, including IT compliance initiatives, risk assessments, policy development and compliance with SOX 404.
  • Support the annual ESIS SOC Audit to ensure management achieves desired results.
  • Perform annual reviews for identified SSAE18 (SOC-1 & SOC-2) reports.
  • Support the annual PCI audit for Personal Lines and Small Commercial.
  • Support and collaborate with IT compliance and information security staff to enhance CHUBB’s control and security policies within the US and globally.
MINIMUM REQUIREMENTS 
  • Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently
  • Demonstrates sense of urgency and a high-degree of initiative and professional judgment
  • Responsibilities require strong collaboration with the ability to influence and affect change, in support of key objectives, across IT leads, internal and external auditors, and business management.
  • 2-5 years of IT auditing or IT risk management experience leveraging the COBIT and NIST frameworks
  • In-depth understanding of Sarbanes-Oxley section 404, SSAE18 (SOC-1 and SOC-2) and ISO standards
  • General knowledge of Infrastructure systems, networks, and best practices for their management and security. 
  • General knowledge of Cloud controls and policies. 
  • General knowledge of IT operating environments to include mainframe, Windows and UNIX platforms.
  • Understanding of business practices pertaining to access administration & security, SDLC, IT operations, and application automated processes.
  • Strong results orientation and customer service driven
  • Perform without constant management oversight and produce results
DESIRED QUALIFICATIONS
  • CISA, CRISC, CISSP, CISM or CDPSE certification (or on pace to obtain)
  • BS in Computer Science, Information Systems, or related field

Chubb is a world leader in insurance. With operations in 54 countries, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance, and life insurance to a diverse group of clients. The company is distinguished by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength, underwriting excellence, superior claims handling expertise and local operations globally.
At Chubb, we are committed to equal employment opportunity and compliance with all laws and regulations pertaining to it. Our policy is to provide employment, training, compensation, promotion, and other conditions or opportunities of employment, without regard to race, color, religious creed, sex, gender, gender identity, gender expression, sexual orientation, marital status, national origin, ancestry, mental and physical disability, medical condition, genetic information, military and veteran status, age, and pregnancy or any other characteristic protected by law. Performance and qualifications are the only basis upon which we hire, assign, promote, compensate, develop and retain employees. Chubb prohibits all unlawful discrimination, harassment and retaliation against any individual who reports discrimination or harassment.

Tags: Audits CISA CISM CISSP Cloud COBIT Compliance Computer Science CRISC Mainframe NIST Risk assessment Risk management SDLC SOC SOX UNIX Windows

Perks/benefits: Career development Insurance

Region: North America
Country: United States
