Security Compliance Audit - Remote
UPK01 - San Jose, CR, Ultrapark 2 (UPK01)
DXC Technology
DXC Technology helps global companies run their mission-critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability across public, private and hybrid clouds.
Job Description:
Security Compliance Audit - Security Assurance - Remote
This is a remote position - the candidate can be located anywhere in Costa Rica.
At DXC we use the power of technology to deliver mission-critical IT services that our customers need to modernize operations and drive innovation across their entire IT estate. We provide services across the Enterprise Technology Stack for business process outsourcing, analytics and engineering, applications, security, cloud, IT outsourcing and modern workplace.
About this role
Security Compliance Audit Coordinators are responsible for planning, coordinating, facilitating, and providing guidance to DXC account and delivery teams, and/or groups of control owners and subject matter experts responsible for specific operational areas and functions supporting technology systems or tools (collectively referred to herein as “DXC teams”) in the scope of System and Organization Controls (SOC) audits and other attest engagements. The Security Compliance Audit will plan and coordinate the development and execution of the internal audit plan for appropriate regulatory and assurance compliance audit coverage, and interface with and assist external audit teams as needed. The Security Compliance Audit will act as a liaison between the DXC teams and the auditing firm, ensuring effective planning, creation of and adherence to timelines, and effective communication and interpretation of SOC audit evidence and issues. Candidates should have a strong background in developing processes, procedures, and methodologies to ensure compliance.
What you will do
Primary Activity – SOC 2 Type Audit Report (Protiviti Audit)
Responsibilities include:
Work with the client directly to create a scope for the current year audit engagement (i.e., agreed to a device inventory and controls to be tested)
Work directly with the third-party auditing firm (Protiviti)
Manage all audit requests (approx. 100) and follow-up items from the Protiviti auditors; distribute the requests to appropriate DXC delivery teams, servers, mainframes, network, availability, capacity, decommissions/asset disposal, etc.
Ongoing monitoring of audit requests by soliciting feedback/following up with the DXC delivery teams to ensure audit requests are completed appropriately with accurate information and returned on time to the requesting auditors
Validate any findings reported by the auditors
Report findings to DXC account/security leadership
Provide feedback on corrective actions or remediation plans to address the findings
Provide a weekly “executive” summary of any timeline issues/escalation and any new audit findings; summary reports to be vetted by DXC account/security leadership and shared with the client during bi-weekly governance meetings
Participate in the final report review that will be delivered to the client
Ensure corrective action plans are completed before the next audit engagement
Secondary Activity - Assist with the SOC 1 Audit Report (Deloitte Audit)
Responsibilities include:
Assist with managing Logical Access audit requests from the DXC Third Party Assurance (TPA) representative/Deloitte auditor; distribute the requests to appropriate DXC delivery teams, servers, mainframes, etc.
Monitor audit requests by soliciting feedback/following up with the DXC delivery teams to ensure audit requests are completed appropriately with accurate information and returned on time to the requesting TPA representative/auditors
Validate any findings reported by the auditors
Provide a summary of any timeline issues/escalation and any new audit findings; summaries to be vetted by DXC account/security leadership and shared with the client during bi-weekly governance meetings
Job Requirements, Essential:
Previous auditor experience with an auditing firm is a strong plus
Experience with an emphasis on information technology, information security, regulatory or other compliance management
Excellent understanding of project management principles
Experience with risk management techniques
Knowledge of regulatory and assurance compliance requirements (such as ISO 27001, SSAE 18 (SOC 1 & 2), HIPAA/HITECH, PCI, NIST 800-53 or Data Privacy)
Advanced English level; written and verbal
Team player
Qualifications:
4+ years of experience in security, compliance, and data privacy.
Bachelor's or undergraduate degree, equivalent diploma, or combination of education and relevant experience.
Skilled in planning, problem solving, analysis, collaboration, and communication.
Strong organization skills to balance work and execute audit plans for complex systems in a highly matrixed organization.
Proficient with Microsoft Office suite (Word, Excel, PowerPoint) and SharePoint.
Professional certifications such as PMP, CISA, CISM, CISSP, etc. a plus.
Joining DXC connects you to brilliant people who embrace change and seize opportunities to advance their careers and amplify customer success. At DXC we support each other and work as a team — globally and locally. Our achievements demonstrate how we deliver excellence for our customers and colleagues. You will be joining a team that works to create a culture of learning, diversity and inclusion and is dedicated to strong ethics and corporate citizenship.
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.