Job
Description
We seek an Audit & Compliance Associate to join our Pune, India office. As a member of the ZS Software as a Service (SaaS) Hosting Team, the Information Security and Compliance Associate will perform (and participate in) the planning, execution, and reporting on technology infrastructure and application security and compliance audits in support of various internal compliance requirements and initiatives as well as client-directed compliance mandates. What you'll do Perform audits in accordance with the plan based on various control frameworks and standards. Establish, monitor, document, and update compliance controls and findings. Create remediation plans based on findings and initiate projects, as necessary, in order to meet commitments made within remediation plans. Participate in client-directed audit and compliance initiatives, including but not limited to, SAS 70 (SSAE 16) audits, client SOX audit assistance requests, and Vendor Data Security and Privacy assessments. Develop and update IT Policies, process maps, templates, and supporting change management tools, as often as needed. Assist in the development of training material in support of IT Policy adoption enterprise-wide; participate in compliance training workshops, as needed. Monitor compliance with existing IT Policies and supporting tools. Liaison with ZS Client Teams and the ZS SaaS Hosting Team Manager to ensure that all mutually agreed upon business operations SLAs are met. Plan and participate in DR planning and testing. Assist with vendor review and selection in support of ongoing internal and client-directed compliance initiatives. Assist the Legal team with the review of client contracts as it relates to technology-specific compliance requirements. Assist the Legal team with the interpretation of various US and EU laws and technical compliance directives and determine potential impact to the organization. Assist with the completion of client RFPs and RFIs as it relates to compliance. Work with IT, consulting, SD Group and legal teams on compliance standards. Security and compliance projects as assigned. What you'll bring 2 years of information systems experience with audit planning, risk assessment, and reporting/documentation. Knowledge of Hardware, software, and networking information technologies. Understanding of IT security, controls, practices, and procedures. Working knowledge of various control frameworks like mentioned below are desirable: COBIT Control Objectives for Information and Related Technology ISO/IEC 27002:2005 Code of Practice for Information Security Management ITIL Information Technology Infrastructure Library SOX Sarbanes-Oxley HIPAA HITECH Health Insurance Portability and Accountability SAS 70 Statement of Auditing Standards No. 70 SSAE 16 Statement on Standards for Attestation PCI DSS Payment Card Industry Data Security Standard Engagements ISAE 3402 International Standard for Assurance Engagements NIST National Institute of Standards and Technology Disaster Recovery planning and testing
