We are looking for an Senior IT Audit Anaylst with NYDFS/CMMC/CPNI/PII/PCI/PSR/CCPA knowledge or BG local to Overland Park, KS or Frisco, TX Area. Job Details: Job Title: Senior IT Audit Analyst Job Duration: 8+ Months on W2 with potential to HireJob Location: Overland Park, KS/Frisco, TX Job Description: Will be supporting day-to-day operational supplemental support for CMMC (CyberSecurity Maturity Model Certification), NYDFS (New York Department of Financial Services, CPNI (Customer Privacy Network Information, PII (Personal Identifiable Information), PSR Privacy Security Reviews, CCPA California Customer Privacy Act), PCI Payment Card Industry) One of the key skills you have are: Ability to translate control language into wording that control owners and operators will understand and be able to provide evidence and methods and procedures to fulfill the requests.From a 2nd line of defense category, here are our key roles and responsibilities. Think of our time study and any special coding, script building or actual functions you are providing that are "NOT Listed here. (Example updating SOX flags in ITSM)Provides consultation on design and implementation of controls and alignment (Control Owners, Control Operators, 1st and 3rd line of defense, External Auditors, and Internal Control Supplemental Support teams like KPMG, Internal Audit, etc.)Monitors and manage controls for effectiveness and remediation/Control Rationalization (Quality Assurance, managing those timelines and resources)Liaison between various external auditors and internal operators (FCG, KPMG, Internal Audit, etc.)Review evidence/performs risk assessments Quality Assurance and actual test effectivenessAssists where proof of effective design and operation of controls are neededReports to Leadership on status metrics and tracking escalations where neededFacilitates changes to the list of control owner/operators in tools Updates to Aurora and PwC Connect, etc. so that narratives, requests, owner and operator updates, assignment of requests, are all current. Constant changes.Performing Detective Controls for Legacy Sprint NSA compliance reviewing daily reports and taking actions when we non vetted user accounts are discovered on USG and USG Limited flagged serversPerform 24 x 7 Operational Support for Qradar Retention logging environment (Legacy Sprint)Enter EPP Requests for IT and Operational Support personnel including KPMG resources to have access to or BOB reports, ITSM system as the official source of record to search and utilize as evidence for Audit ControlsEnter Service Requests and assign to Control Operators for multiple Compliance Programs.Enter Tickets for user access removals for Non-Vetted Accounts and for remediation of Developers found on Production SOX serversMonitor daily Varonis file share report. Reach out to server owners (from MSL) to verify need for shared folder. Begin process of bringing folder into compliance working with the Varonis team.Monitor daily reports produced by James Tye's reporting for 6 different controls (4 reports for SOD, local admin approval, server access approvals, term check, dev check, CSG vetting). Take appropriate action on results for each report. Primarily removing users from groups, reaching out to ticket approvers, and verification of CSG vetting.Review evidence for PSR controls This requires understanding of control language and the ability to match control language to evidence samples provided from various applications and operating systems.Agency should conduct screening interviews and skill assessments so hiring manager can be confident the candidates they are interviewing meet the job requirements and concentrate on evaluating the candidates' other traits, such as personality, work style, and communication and problem-solving skills.
