Enterprise Compliance Assessor


National General Insurance

2020-10-12 20:22:41

Job location Winston-Salem, North Carolina, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

Position/Title: Enterprise Compliance Assessor

Location: 100% Remote in North Carolina (must be within a few hours of Winston-Salem, NC)

Primary Purpose:
Ensure that National General Policies and processes adhere to regulatory and legal compliance standards such as PCI, HIPAA, NY DFS, HITRUST and ISO Cybersecurity Frameworks. The Compliance Assessor will work with the other members of the team to enhance business practices and internal controls and performs other internal audit related activities to support the execution of the department's annual audit plan.

Essential Duties and Responsibilities:

  • Works with Security Architects, Security Analysts, Security Administrators and other IT and business departments to review procedures and controls to meet IT compliance requirements
  • Ensure enterprise-wide needs for due diligence, risk assessment, and constant vendor monitoring are being accomplished
  • Develop regular reports on contract milestones, execution and risk, and inform internal customers, vendors, and management of activities and progress through regular written and verbal communication.
  • Supports the planning and execution of controls audits related to HIPAA, PCI, NY DFS, MARS-E and other industry/regulatory requirements as well as common security frameworks such as NIST, ISO, and HITRUST
  • Fieldwork/Execution: with appropriate supervision, interacts with all levels of management and performs testing (including walkthroughs), takes ownership to complete clear and well-organized audit work papers that appropriately document the work performed, uses root cause analysis for problem solving and communicates potential issues timely to supervisor.
  • Evaluates risks of key control deficiencies and effectiveness of overall control framework, and ensure management has effective and timely control remediation plans.
  • Reporting: Formulates appropriate conclusions regarding the adequacy of internal controls and procedures based on the audit work performed and knowledge of company operation, drafts well written, clear and concise audit report and participates in presenting the findings to the Enterprise Information Risk & Compliance management.
  • Remediation: Monitors the implementation of corrective action plans with first and second lines of defense and presents updates to the findings to the Enterprise Information Risk & Compliance management.
  • Other duties as assigned

Minimum Skills and Competencies:

  • 5-7 years substantive experience as a Compliance Auditor with a licensed financial institution or a regulatory compliance examiner with a federal or state financial services regulator
  • Bachelor's degree in Computer Science or Computer Information Systems or related or equivalent experience
  • Demonstrated knowledge of HIPAA, PCI, SOX, ISO27000 and NIST Cybersecurity Frameworks
  • Excellent communication and writing skills
  • Demonstrated detailed oriented self-starter and the ability to work independently with limited supervision and limited direction, and in collaborative team environments
  • A strong ability to multi-task and manage varying priorities and projects
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to a broad range of technical and non-technical staff
  • The ability to provide support after normal business hours as needed
  • Proficient in Microsoft Office (Word, Excel, Access and PowerPoint)
  • Ability to travel, as needed

Desired Skills:

  • CISSP, CISA, CISM, CCRISC, or CGEIT certifications
  • Strong knowledge of cloud based technology and solutions
  • Tripwire Enterprise, Tripwire IP360, Nessus, BeyondTrust Retina, Qradar, Trustwave TrustKeeper, Proofpoint, McAfee ePO/HBSS
  • Experience with high-level programming languages (e.g. Java, C, C++, C#, python) and web application development (JavaScript, PHP, ASP)

#LI-PJ1

Inform a friend!

location

Top