IT Audit and Compliance Analyst

20 Jun 2024

Vacancy expired!

Compass Corporate: A family of companies and experiences

As the leading foodservice and support services company, Compass Group USA is known for our great people, great service and our great results. If you've been hungry and away from home, chances are you've tasted Compass Group's delicious food and experienced our outstanding service. Our 225,000 associates work in award-winning restaurants, corporate cafes, hospitals, schools, arenas, museums, and more in all 50 states. Our reach is constantly expanding to shape the industry and create new opportunities for innovation. Join the Compass family today!

great people. great services. great results.

Each and every individual plays a key role in the growth and legacy of our company. We know the next big idea can come from anyone. We encourage developing and attracting expertise that differentiates us as a company as we continue to raise the bar.

Positions at this location may require a COVID-19 vaccination and/or regular COVID testing. Where permitted by law, applicants who are offered a position for this location may be asked about their vaccination status, which must meet minimum business requirements. All religious, medical, or other legally recognized exemptions regarding vaccination status will be considered.

Job Description

Perform detailed information technology assessments and audits across all areas of the business. The associate must act as an information security implementation consultant. This position is responsible for managing, with an independent partner, the audit and testing of controls in SOC1 and SOC2 audits, HIPAA security audits, and internal PII audits, and for conducting annual policy and procedure reviews.

Essential Duties include:

  • Participation in the planning, execution and reporting of security audits and assessments with minimal supervision and the management of the remediation activity.
  • Performing interviews, examinations, and testing of security controls.
  • Assist in preparation of assessment deliverables: Security Control Assessment Report, Security Risk Assessments.
  • Reporting to the Director IT Audit Management, the associate will provide audit readiness consulting to clients and internal audit departments and interact with senior management, financial auditors, and senior technology leaders during audits on scoping, controls, identification, and execution of testing plans.
  • Execute and report on information technology, privacy, and operational reviews to identify business, privacy, security, compliance, information technology and regulatory risks.
  • Projects assigned as needed by the Director of IT

Responsibilities

IT Audit Team

Pre-Audits

i. KPMG-SAP

ii. KPMG-JDE

iii. SOC1 & SOC2

iv. Group Audit - Canada IT Audit

SOC1 Audit Planning and Execution

SOC2 Audit Planning and Execution

KPMG Audit Planning and Execution

KITC Audits

Vendor IT Audits, in conjunction with VMO

Internal Audits

1. Re-Implementation of Internal Audits following re-design to streamline efficiency

2. Perform Key IT Control Security Audits regularly for USA & Canada, both BoH and FoH environments
  • In conjunction with IT Director Audit Management, support the audit plan for USA & Canada, both BoH and FoH environments including third party, cloud, hosted application, controls, and POS, working with NA CIO/CISO, VMO, Audit & Group CIO, Group CIS&TO
  • Manage a repeatable and consistent process for performing security audits of target environments, which includes

3. Compare results across multiple security audits and self-assessments over time to:
  • Identify trends (e.g., lack of information risk assessments being performed or weak access control across all business applications)
  • Understand the risk profile of target environments and how they vary over time

4. Deliver security audits that are
  • Agreed with the owners of target environments, defined in scope, and documented
  • Performed by experienced and qualified individuals who have sufficient technical skills (e.g., hold certifications for security audit and testing) and knowledge of information security
  • Conducted frequently and thoroughly (in terms of scope and extent) to provide assurance that security controls have been deployed, operate as designed and meet security objectives (e.g., reduce levels of risk)
  • Validated by competent individuals and carried out by independent external parties where the risk is deemed significant or required by regulatory requirements

5. Include important information and ratings from the results of security audits
  • Control effectiveness (e.g., very low to very high)
  • Conformance classification (e.g., fully/partially/non-compliant)
  • Risks (e.g., red/amber/green (RAG) or insignificant to critical)
  • Business, compliance, and technology implications (e.g., values entered in a business impact reference table, such as very low to very high) and recommendations, actions, and costs (e.g., priority, timescales, and responsibilities).
  • Assign audit results requiring remediation to an appropriate owner, log & track results to completion.

6. Conducts Audits
  • Support Client Audits
  • Healthcare Applications
  • Critical Compass Applications
  • Privileged Account Audits
  • IT Systems Access
  • Cloud AWS/Azure Environments, Standards, and Access
  • Publicly Available IT Resources

Qualifications

  • AS, BA or BS degree in MIS, Computer Science, Finance or Accounting. Strong experience and expertise with Windows, SAP, AD, AWS, Google Cloud Platform and Cisco environments.
  • Five or more years total audit/system experience including at least two years of systems audit experience.
  • Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA).
  • Working knowledge of security compliance criteria, best practices, policy and procedure review, gap analysis, and risk assessments.
  • Experience with Service Organization Control (SOC) audits and HIPAA. CPA, CFE, Security+ and CISSP desired.

Apply to Compass Group today!

Compass Group is an equal opportunity employer. At Compass, we are committed to treating all Applicants and Associates fairly based on their abilities, achievements, and experience without regard to race, national origin, sex, age, disability, veteran status, sexual orientation, gender identity, or any other classification protected by law.

Qualified candidates must be able to perform the essential functions of this position satisfactorily with or without a reasonable accommodation. Disclaimer: this job post is not necessarily an exhaustive list of all essential responsibilities, skills, tasks, or requirements associated with this position. While this is intended to be an accurate reflection of the position posted, the Company reserves the right to modify or change the essential functions of the job based on business necessity. Los Angeles applicants: Compass Group will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring (Ban the Box ordinance).

Associates at Corporate are offered many fantastic benefits.
  • Medical
  • Dental
  • Vision
  • Life Insurance/ AD
  • Disability Insurance
  • Retirement Plan
  • Paid Time Off
  • Holiday Time Off (varies by site/state)
  • Associate Shopping Program
  • Health and Wellness Programs
  • Discount Marketplace
  • Identity Theft Protection
  • Pet Insurance
  • Commuter Benefits
  • Employee Assistance Program
  • Flexible Spending Accounts (FSAs)
Req ID: 1005545

Compass Corporate

MARY DICKSON

  • ID: #43356858
  • State: North Carolina Charlotte 28201 Charlotte USA
  • City: Charlotte
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2022-06-20
  • Deadline: 2022-08-18
  • Category: Et cetera