Sr Information Security Compliance and Audit Analyst

About The Position

Requirements

• Bachelor’s degree in computer science, engineering, or related science and math discipline with an information security or business emphasis is required.
• A minimum of 5 years of experience with IS compliance projects (specifically ISO27001)
• Understands key security concepts such as access management, vulnerability and patch management, security information event management, and encryption
• Strong understanding of TCP/ IP and other network protocols
• Understanding of the basic audit best practices, standards and methodologies
• Ability to formulate detailed technical documentation preferred
• ASQ Certified Engineer, Auditor or OE Managers preferred
• Experience using SharePoint, MS Excel, Word, PowerPoint and Visio
• Must possess a valid passport and be legally allowed to leave and return to originating country.
• The ability to work independently and in cross functional teams
• Actively looks for opportunities to develop new ideas to positively impact existing methods, services, or products.
• Understands, analyzes, and documents cost/benefit analysis where appropriate.
• Actively accepts individual and team responsibilities and meet commitments.
• Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
• Ability to multi-task and work on projects concurrently and under tight deadlines
• Must be detail oriented and customer focused with excellent time management skills
• Takes and exhibits initiative to further develop technical and professional skills, by attending training and/or willingness to learn new systems or technologies in use by the Information Systems department.
• Possesses understanding of Ingram Micro’s business including knowledge of department names and business processes conducted by each, company global organization, and key customer and vendor segments.
• Excellent verbal, written and inter-personal communication skills
• Strong communication skills; capable of explaining technical issues simply both verbally and in writing
• Keeps his/her manager informed of any problems, challenges, or unanticipated events affecting his/her work.
• Listens respectfully and avoids interrupting.
• Expresses ideas and suggestions in an organized and concise manner both orally and in written form.
• Solicits and readily accepts constructive feedback.
• Maintains composure when addressing an adversarial or hostile audience.
• Researches and collects appropriate data points for effective decision making.
• Readily makes recommendations and includes necessary documentation and material to support conclusions.
• Identify, develop and manage innovative ideas and solutions to problems.
• Identify opportunities to reduce inefficiencies in work processes.
• Recognizes when it is appropriate to challenge the status quo and when it is not.
• Supports team decisions to implement changes, suggestions, improvements, and solutions.
• Encourages and supports the exploration and application of best practices.
• Offers assistance to others and shares information regardless of personal likes or dislikes.
• Prevents personal conflicts from interfering with his/her objectivity.
• Consistently arrives on time for meetings and appointments.
• Accepts responsibility for the results of his/her decisions and actions.
• Behaves in a way that is consistent with Ingram Micro’s values.

Responsibilities

• Manage and Support IT compliance activities for regional information security support of ISO27001 auditing, reporting and remediation where appropriate.
• Coordinate and communicate IT compliance activities to align with Global Information Security leadership in support and improvement of ISO27001 management system.
• Ensure regional Information Security compliance to Information security standards (ISO27001) requirements
• Plan and conduct complex IS and integrated audit/compliance projects, including preparation of an objective risk-based assessment and an effective audit/compliance approach.
• Leads and/or participates on audit/compliance activities of various locations and departments for compliance with plans, policies and procedures.
• Execute operational activities to support IS audit and compliance activities including technical validation processes.
• Execute collection of evidence to support compliance status
• Provide and present reporting including monthly metric delivery
• Manage escalation and enforcement for unresolved noncompliance issues
• Manage and Support External Audit activities and reporting
• Work with Information Security staff to ensure tools and reporting mechanisms are satisfactorily meeting statutory objectives
• Support compliance and security validation of all 3rd party IT providers
• Maintain strong working relationships with internal and external support teams including Global, Regional and Country Information Security associates
• Work on special projects as required by management
• Stay abreast of changes within the Information Security compliance areas including business change requirements and regulatory changes from an international perspective
• Support and enforce Information Security Policy, Standards, and Guidelines for business operations and technology implementations
• Work as the Subject Matter Expert (SME) on assigned projects and offers council regarding the intent of Compliance requirements

Benefits

• U.S.-based employees have access to healthcare benefits, paid time off, parental leave, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and wellbeing benefits, among others.