SecOps- Audit and Compliance"

Job Description

MSCI SecOps is a multi-functional team with operations grouped into SOC, Operations, Vulnerability Management, Perimeter Security. One of the key parts of the operations is the role for the audit and compliance. This role is an individual contributor responsible for planning and executing audit and regulatory required tasks, such as access review. It includes meeting the requirements of various standards and regulations, including: SOX (Sarbanes-Oxley Act) SOC Type 1 and Type 2 (Service Organization Control) ISO27001 (Information Security Management) BMR (Benchmark Regulation) The role involves facing internal and external audits, including client queries. It requires providing evidence and clarifications as needed during these audits Your Key Responsibilities Maintain the correct understanding of the control wordings and risks they are covering: Ensure that the control wordings are accurately interpreted and understood. Identify and assess the risks associated with each control. Continuously update knowledge on control requirements and risk management. Drive the scoping discussion with different stakeholders: Initiate and lead discussions with various stakeholders to define the scope of audit and compliance activities. Collaborate with stakeholders to ensure that all relevant aspects are considered. Document the outcomes of scoping discussions for future reference. Plan and execute the activities required to meet the compliance requirements: Develop detailed plans for executing compliance-related tasks. Ensure that all activities are aligned with regulatory and audit requirements. Monitor progress and adjust plans as necessary to meet deadlines. Coordinate with different stakeholders for timely closure of the activities: Communicate effectively with stakeholders to ensure timely completion of tasks. Address any issues or delays promptly to keep activities on track. Facilitate collaboration among stakeholders to achieve common goals. Track the remediation for completeness: Monitor the remediation process to ensure that all issues are addressed. Verify that corrective actions are implemented effectively. Maintain records of remediation activities for audit purposes. Drive control improvement tasks: Identify opportunities for improving existing controls. Develop and implement strategies for enhancing control effectiveness. Continuously evaluate and refine control processes. Drive (and if possible, implement) automation tasks using scripting to improve the efficiency of the data collection and review tasks: Explore automation solutions to streamline data collection and review processes. Develop scripts and tools to automate repetitive tasks. Implement automation solutions to enhance efficiency and accuracy. Your skills and experience that will help you excel Familiarity with regulatory and audit requirements (e.g., SOX, SOC, ISO27001, BMR). Knowledge of risk assessment and management techniques. Ability to provide evidence and clarifications during audits. Ability to maintain records of remediation activities. Ability to develop and implement strategies for enhancing controls. Knowledge of scripting languages and automation tools.