
Compliance & Audit Associate (Evanston, IL)

ZS is a professional services firm that works side by side with companies to help develop and deliver products that drive customer value and company results. From R&D to portfolio strategy, customer insights, marketing and sales strategy, operations and technology, we leverage our deep industry expertise and leading-edge analytics to create solutions that work in the real world. Our most valuable asset is our people—a fact that’s reflected in our values-driven organization in which new perspectives are integral and new ideas are celebrated. ZSers are passionately committed to helping companies and their customers thrive in industries ranging from healthcare and life sciences, to high-tech, financial services, travel and transportation, and beyond.

ZS's Corporate Support teams operate the firm's core internal enterprise functions. Our global teams comprise team-oriented, pragmatic and results-driven people who thrive in a challenging work environment. Our people come from diverse backgrounds, but share a passion for quality customer service and dedication - whether our customer is a client or another ZS employee.

Information Technology provides products and services to ZS to ensure successful business outcomes. IT provides internal information technology solutions and support for ZS, including custom enterprise Web and ERP applications, IT infrastructure and technology support.


We are currently seeking applicants for the position of Compliance and Audit Associate to join our US IT Compliance and Audit team. The position will support various management-directed IT internal audit and compliance initiatives, which include ongoing monitoring of the quality of operations of our Software as a Service (SaaS) products and solutions and business line offerings against ZS-mandated standards, policies and procedures. Qualified candidates will possess the skills detailed below and relevant work experience. Please note, this position is not client facing and does not require travel to client sites, unless specifically directed by management. This position may require travel to other ZS offices to assist with audits, as directed.


  • Execute IT audit projects designed to provide assessment of internal control processes in accordance with ZS’s IT policies, data security and privacy practices and legally binding contractual obligations and commitments to its clients.
  • Perform IT risk assessments and third-party cloud vendor security and privacy risk assessments.
  • Execute detailed plans for performing individual audits in accordance with the ZS IT audit program.
  • Prepare audit work papers and reports documenting the results of reviews of assigned activities and recommended management action.
  • Participate in the planning and coordination of all audits of ZS’s data security and privacy environment by ZS’s clients.
  • Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry IT trends to identify potential issues and risks.
  • Participate in reviews of internal controls and security of systems under development as needed.
  • With assistance from senior personnel, liaise with internal and external stakeholders to ensure IT compliance related documentation is kept up to date with ZS’s compliance requirements, obligations and commitments, as needs evolve.
  • Liaise with appropriate stakeholders including IT, Legal, HR, Finance and others, as needed, to ensure that compliance requirements are incorporated into ZS configured compliance workflow management tools.
  • Assist with monitoring of ongoing organizational compliance with IT change management, logical and physical access, IT operations and other control procedures, as deemed necessary by management from time to time. Actively maintain findings and remediation recommendation registers. Track remediation activities to completion.
  • Assist with the documentation of IT policies and procedures (e.g. IT change management, logical and physical access processes, data backups and restoration, disaster recovery processes).
  • Assist with responding to client-driven RFPs, RFIs, and external security and privacy audits and questionnaires, as requested by management.
  • Assist in the development of appropriate IT compliance training material and conduct training of impacted stakeholders, as needed.
  • Assist with other IT audit and compliance related initiatives and special projects as assigned from time to time.


  • BS/BA in Management Information Systems (MIS), computer science or related field with record of high academic achievement required;
  • At least 1 year of experience performing IT audits, end to end, including the documentation of audit plans, audit test scripts, audit narratives, test results, findings and remediation recommendation listings;
  • At least 2 years of experience participating in IT audit engagement lifecycles (e.g. US SOX, US SOC1 & SOC2 audits) with some senior personnel oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement;
  • Experience maintaining risk and control registers, audit plans, findings and remediation recommendation registers;
  • Experience documenting IT policies and procedures (e.g. IT change management, logical and physical access, data backups and restoration processes);
  • Excellent communication and organizational skills – preferably with international exposure;
  • Excellent command over the English language, verbal and written; experience writing IT audit narratives and reports required;
  • Ability and willingness to work hours which overlap with international time zones (e.g. India time zone);
  • Ability and willingness to travel to other ZS offices, as needed, to assist with compliance and audit engagements.

Technical expectations include:

  • Basic working knowledge of web-based applications, operating systems and databases including Windows Active Directory, Linux, Microsoft SQL and Oracle;
  • Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, Access, SharePoint);
  • Basic working knowledge of various control frameworks including:
    • COBIT – Control Objectives for Information and Related Technology
    • ISO/IEC 27001:2013 – Code of Practice for Information Security Management
    • NIST SP 800-53
    • HIPAA/HITECH Security and Privacy Audit Protocol
    • Shared Assessments Standard Information Gathering (SIG) framework
  • Basic working knowledge of various laws directly or indirectly impacting data security and privacy requirements worldwide including:
    • US SOX – Sarbanes Oxley Act
    • EU GDPR – General Data Protection Regulation
    • US EU Privacy Shield
    • India IT Act (data privacy provisions)
    • India Companies Act




ZS is a global consulting firm; fluency in English is required, and additional fluency in at least one European or Asian language is desirable.
Candidates must possess work authorization for their intended country of employment. An on-line application, including a cover letter expressing interest and a full set of transcripts (official or unofficial), is required to be considered.
ZS offers a competitive compensation package with salary and bonus incentives, complete medical/dental/life insurance programs and retirement savings benefits. We are an Equal Opportunity Employer.

ZS has been recognized globally for its expertise in consulting and its flexible work environment.


Nearest Major Market: Chicago