Senior Analyst, IT Compliance

CCC Intelligent Solutions

1d•$84,724 - $125,000

About The Position

CCC Intelligent Solutions Inc. (CCC) is a leading cloud platform for the multi-trillion-dollar insurance economy, creating intelligent experiences for insurers, repairers, automakers, part suppliers, and more. At CCC, we’re making life just work by empowering more than 35,000 businesses with industry-leading technology to get drivers back on the road and to health quickly and seamlessly. We’re pushing boundaries with innovative AI solutions that simplify and enhance the claims and repair journey. Through purposeful innovation and the strength of its connections, CCC technologies empower the people and industry relied upon to keep lives moving forward when it matters most. Learn more about CCC at www.cccis.com. The Role The Senior Analyst, IT Compliance will assist in tackling CCC’s dynamic business environment with its ever-evolving ways of working through the adoption of sophisticated and emerging technologies to deliver business focused solutions for our customers that are innovative, secure, and efficient. The Senior Analyst will report to the Associate Director, IT Compliance and support this ongoing transformation as a strategic, collaborative and trusted advisor and will be responsible for establishing and maintaining the company’s IT governance, risk, and compliance program.

Requirements

Bachelor’s Degree in Computer Science, Management Information Systems, or other technology-related field
4+ years of experience in IT auditing, IT compliance, or related industry
Strong project management skills with inherent ability to drive multiple programs, stakeholders, and teams towards organizational goals.
Experience developing frameworks and processes to drive a risk-based approach to incorporating standard frameworks such as COBIT, ITIL, ISO, COSO, and NIST into an enterprise compliance management process.
Experience with SOX/working in a publicly held company.
Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations.
Ability to influence others at senior levels and establish credibility and working relationships with a wide range of corporate personnel, including technical operations, management, and executives as well as internal audit and external regulators.
Capable of establishing and maintaining an effective program structure that emphasizes the coordination of resources across projects, managing deliverables between projects, and the overall costs and risks of the compliance programs.
Experience with the development of formal written reports to communicate audit results and recommendations to management and business stakeholders.
Ability to facilitate productive meetings and work successfully in a team-oriented environment.
Strong ability to handle multiple competing priorities in a fast-paced environment.

Nice To Haves

Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certification preferred.

Responsibilities

Provide centralized audit and IT compliance support in the facilitation of all audit and other customer assessment requests and remediation efforts. Primary audits currently include IT SOX, SOC 1, and SOC 2.
Assist in enhancing and maintaining IT Governance frameworks, policies, standards and procedures, and response plans.
Drive consistency in the way IT risks are identified, controls are implemented and monitored, and share best practices and learnings across the company.
Analyze current IT risks and identify/monitor emerging risks which can affect the company and work with leaders and IT managers to ensure existing and emerging risks are understood and appropriate mitigations are implemented.
Facilitate IT risk and governance program activities, such as risk assessments, risk exceptions, risk ratings, business risk consultations, risk mitigation and remediation recommendations, and capability maturity assessments.
Advise on and assist with maintaining oversight of the company’s remediation efforts for IT risk exposures, gaps, and deficiencies, and complete remediation validation to assess effectiveness of improved controls.
Work with company IT leadership to assist and advise in the development, communication, and execution of Key Risk and Performance Metrics (KRI/KPI) and related tolerances, establish monitoring reports, and develop analysis and reporting to identify and communicate risk insights.
Assist in facilitating company compliance of identified IT controls (ITGCs, Application, Cloud, Cybersecurity, etc.) as needed.
Identify and resolve technical, operational, risk management, and organizational challenges.
Develop and cultivate close working relationships and coordinate with executive and senior partners in other technology departments related to the program.
Partner with control owners (first line), internal and external audit (third line), and corporate Compliance and Legal Teams to support independent reviews, risk assessments, and other customer needs.
Provide support in the evaluation of risks and controls, particularly when evaluating the risk and controls of high-risk systems and applications.
Facilitate and oversee training to address identified weaknesses in team member knowledge of requirements, policies, or procedures, and to foster a culture of compliance.
Provide support in documenting technology controls and technological landscape.