Description

Technology Audit & Compliance Senior Manager                                                                                                                            

The Technology Audit & Compliance Architect will design and implement programs to ensure compliance with regulatory and contractual requirements and industry standards (to include HIPAA and PCI) for Asurion, globally. Responsibilities include leading security-related technology audits to drive compliance and alignment of technology resources.  

As part of our Trust Office team, you will work to ensure that our systems and services are designed, operated, and protected to maintain customer trust and regulatory compliance.

You will leverage your background in audit, security, risk, and compliance to evaluate and assess systems and services against Asurion policies and standards. You will partner with stakeholders across Asurion to execute a risk management approach, identify risks, and act as a thought leader who recommends and leads risk mitigation strategies with cross-functional teams across Asurion.

You will work independently with the ability to prioritize workloads, remain flexible, and maintain a strong attention to detail in a fast-paced environment while supporting multiple, simultaneous programs. 

Essential duties & responsibilities:

• Use your in-depth knowledge of regulatory compliance, IT security, and strong customer skills to act as the subject matter expert to internal technology and operations teams in a Trusted Advisor capacity to assist their understanding of the HIPAA requirements related to their applications.
• Develop the HIPAA compliance program from risk identification to executive reporting.
• Conduct and complete pro-active HIPAA assessments on behalf of the company to ensure the company’s ability to protect PHI data. 
• Lead regulatory remediation projects and risk mitigation efforts. Track and manage action plans for remediation of audit findings.  Perform analysis and reporting of compliance gaps.
• Provide subject matter expertise related to PCI, HIPAA or client security requirements to internal technology and operations teams to ensure Company’s ability to maintain compliance when modifying or implementing applications involving sensitive data.
• Implement best in class Risk & Compliance Management practices with minimal impact to the business.
• Lead Asurion’s response to client audit requests and coordinate collection of audit artifacts.
• Monitor issues to provide assurance reporting of how Company is complying with specific country and industry regulatory requirements and the internal control framework in order to maintain a compliant, audit-ready posture.
• Coordinate and represent Asurion in negotiations with external auditors.
• Train audit participants in audit preparation and response.
• Perform other related duties as assigned.

Requirements

Minimum years of related work experience required: 5 - 8+

Education and/or formal training:

• BS/BA Computer Science or equivalent related education required
• Must currently hold one or more of the following security certifications:
  • CISSP or CISM
• Must currently hold one or more of the following audit certifications:
  • CISA, GSNA, IRCA, ISMS Auditor, or Certified ISO 27001 Lead/Internal Auditor
• PCI QSA or ISA certification desirable

Knowledge, skills and abilities:

• 5+ years progressive experience in information security or technology audit, including experience with issue resolution and leading teams in a cross-functional setting.
• Experience in technology audit, risk analysis, and compliance testing.
• Good working knowledge of security regulations and industry best practices.
• In-depth knowledge of HIPAA and demonstrated experience with HIPAA program development
• 5+ years leading global regulatory compliance efforts (e.g. HIPAA, PCI, SOX, Privacy).
• Experience evaluating the design and effectiveness of IT controls.
• Knowledge of auditing frameworks and international standards, such as ISO 27001/27002, PCI DSS, HIPAA/HITRUST, SSAE 18, COBIT and ITIL.
• Experience or familiarity with governance, risk and compliance (GRC) tools such as ServiceNow.
• Strong analytical and problem resolution skills. Exceptional business judgment, with the ability to think strategically and give practical advice by balancing business needs with risks.
• Broad and deep technical knowledge across multiple, diverse technical configurations, technologies and processing environments.
• Exceptional interpersonal skills in areas such as teamwork, collaboration, facilitation, negotiation, and persuasiveness.
• Excellent communication (oral, written, presentation) skills. Ability to communicate effectively at all levels of the organization.
• A practiced ability to influence peers, customers and project teams to make security-minded decisions and changes.
• Must be self-directed, organized and have excellent time management skills.
• Ability to work in a fast-paced, dynamic environment while maintaining high quality output and a positive working relationship with peers and management.
• Ability to operate under ambiguous circumstances, address uncomfortable issues, and leverage data to make informed decisions.

Other position considerations:

• Required to read and follow all company policies and procedures.
• Ability to handle proprietary and sensitive information in a confidential manner.
• While the schedule is generally a Monday through Friday daily schedule, this position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
• May involve some travel.