Vacancy expired!
Compass Corporate A family of companies and experiences
As the leading foodservice and support services company, Compass Group USA is known for our great people, great service and our great results. If you've been hungry and away from home, chances are you've tasted Compass Group's delicious food and experienced our outstanding service. Our 225,000 associates work in award-winning restaurants, corporate cafes, hospitals, schools, arenas, museums, and more in all 50 states. Our reach is constantly expanding to shape the industry and create new opportunities for innovation. Join the Compass family today!

great people. great services. great results.

Each and every individual plays a key role in the growth and legacy of our company. We know the next big idea can come from anyone. We encourage developing and attracting expertise that differentiates us as a company as we continue to raise the bar.

Positions at this location may require a COVID-19 vaccination and/or regular COVID testing. Where permitted by law, applicants who are offered a position for this location may be asked about their vaccination status, which must meet minimum business requirements. All religious, medical, or other legally recognized exemptions regarding vaccination status will be considered.

Job Description

Perform detailed information technology assessments and audits across all areas of the business. The associate must act as an information security implementation consultant. This position is responsible for managing, with an independent partner, the audit and testing of controls in both SOC1 & SOC2 audits, HIPAA security audits, and internal PII audits, and for conducting annual policy and procedure reviews.

Essential Duties include:
- Participation in the planning, execution and reporting of security audits and assessments with minimal supervision and the management of the remediation activity.
- Performing Interviews, examinations, and testing of security controls.
- Assist in preparation of assessment deliverables - Security Control Assessment Report, Security Risk Assessments.
- Reporting into the Director IT Audit Management, the associate will provide audit readiness consulting to clients and internal audit departments, and will interact with senior management, financial auditors, and senior technology leaders during audits on scoping, controls, identification, and execution of testing plans.
- Execute and report on information technology, privacy, and operational reviews to identify business, privacy, security, compliance, information technology and regulatory risks.
- Projects assigned as needed by the Director of IT
- In conjunction with IT Director Audit Management, support the audit plan for USA & Canada, both BoH and FoH environments including third party, cloud, hosted application, controls, and POS, working with NA CIO/CISO, VMO, Audit & Group CIO, Group CIS&TO
- Manage a repeatable and consistent process for performing security audits of target environments, which includes
- Identify trends (e.g., lack of information risk assessments being performed or weak access control across all business applications)
- Understand the risk profile of target environments and how they vary over time
- Agreed with the owners of target environments, defined in scope, and documented
- Performed by experienced and qualified individuals who have sufficient technical skills (e.g., hold certifications for security audit and testing) and knowledge of information security
- Conducted frequently and thoroughly (in terms of scope and extent) to provide assurance that security controls have been deployed, operate as designed and meet security objectives (e.g., reduce levels of risk)
- Validated by competent individuals and carried out by independent external parties where the risk is deemed significant or required by regulatory requirements
- Control effectiveness (e.g., very low to very high)
- Conformance classification (e.g., fully/partially/non-compliant)
- Risks (e.g., red/amber/green (RAG) or insignificant to critical)
- Business, compliance, and technology implications (e.g., values entered in a business impact reference table such as very low to very high) and recommendations, actions, and costs (e.g., priority, timescales, and responsibilities).
- Assign audit results requiring remediation to an appropriate owner, log & track results to completion.
- Support Client Audits
- Healthcare Applications
- Critical Compass Applications
- Privileged Account Audits
- IT Systems Access
- Cloud AWS/Azure Environments, Standards, and Access
- Publicly Available IT Resources
- AS, BA or BS degree in MIS, Computer Science, Finance or Accounting. Strong experience and expertise with Windows, SAP, AD, AWS, Google Cloud Platform and Cisco environments.
- Five or more years total audit/system experience including at least two years of systems audit experience.
- Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA).
- Working knowledge of security compliance criteria, best practices, policy and procedure review, gap analysis, and risk assessments.
- Experience with Service Organization Control (SOC) audits and HIPAA. CPA, CFE, Security+ and CISSP desired.
- Medical
- Dental
- Vision
- Life Insurance/ AD
- Disability Insurance
- Retirement Plan
- Paid Time Off
- Holiday Time Off (varies by site/state)
- Associate Shopping Program
- Health and Wellness Programs
- Discount Marketplace
- Identity Theft Protection
- Pet Insurance
- Commuter Benefits
- Employee Assistance Program
- Flexible Spending Accounts (FSAs)
- ID: #42597235
- State: North Carolina Charlotte 28201 Charlotte USA
- City: Charlotte
- Salary: USD TBD TBD
- Job type: Permanent
- Showed: 2022-06-08
- Deadline: 2022-08-06
- Category: Security