Compliance & Audit Administrator

:
**ZS** is a professional services firm that works side by side with companies to help develop and deliver products that drive customer value and company results. From R&D to portfolio strategy, customer insights, marketing and sales strategy, operations and technology, we leverage our deep industry expertise and leading-edge analytics to create solutions that work in the real world. Our most valuable asset is our people—a fact that’s reflected in our values-driven organization in which new perspectives are integral and new ideas are celebrated. ZSers are passionately committed to helping companies and their customers thrive in industries ranging from healthcare and life sciences, to high-tech, financial services, travel and transportation, and beyond.

**ZS’s India Capability & Expertise Center**
**(CEC)** houses more than 60% of ZS people across three offices in New Delhi, Pune and Bengaluru. Our teams work with colleagues across North America, Europe and East Asia to create and deliver real world solutions to the clients who drive our business. The CEC maintains standards of analytical, operational and technological excellence across our capability groups. Together, our collective knowledge enables each ZS team to deliver superior results to our clients.

:
**Responsibilities**:

- Assist in maturing the first line of defense function across IT by helping implement established requirements for monitoring IT controls across the organization;
- Assist with developing a process, risk, control framework with IT to map organizational controls;
- Track and verify adherence to information security polices procedures and requirements;
- Assist with analyzing findings from security monitoring systems. Review all current and existing vulnerabilities for active and acceptable remediation plans;
- Verify that remediation plans are implemented per remediation plan. Proactively review and identify any potential gaps that may result in possible audit issues;
- Assist with reviewing vulnerability scan results to identify security risks and report on findings to appropriate stakeholders;
- Provide input to the creation and management of security risk scorecards based on risk levels assigned to ZS managed assets and personnel with access to sensitive information (e.g. in accordance with a data classification matrix);
- Provide input to compliance and audit team members in support of the development and maintenance of an appropriate internal audit program;
- Provide input to risk assessment processes for key enterprise and client facing systems;
- Incorporate feedback received from risk assessment processes, and internal and external audits to adjust and fine tune technology risk governance processes;
- Liaise with internal and external stakeholders to ensure IT compliance related documentation is kept up to date with ZS’s compliance requirements, obligations and commitments, as needs evolve;
- Liaise with appropriate stakeholders including IT, Legal, HR, Finance and others, as needed, to ensure that evolving compliance requirements are incorporated into risk governance processes;
- Assist with managing GRC tools lifecycle including tool configuration needs with appropriate internal and external stakeholders;
- Provide input toward the development of appropriate information security training material and help with conducting training of impacted stakeholders, as needed;
- Assist with other technology risk governance related initiatives and special projects as assigned from time to time.

**Qualifications**:

- Bachelors in any field with record of high academic achievement required;
- 4+ years of experience in risk management and technology compliance disciplines: audits, regulatory compliance, risk management, program management and change management within the security governance and risk management space, required;
- 1+ year** **of experience participating in IT audit engagement lifecycles (**g. US SOX, US SOC1 & SOC2 audits) ISO 27001 audits, with senior personnel oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement;**
- Some experience in identification and remediation of security threats and risks;
- **Some experience maintaining aspects of risk and control registers, audit plans, findings and remediation recommendation registers;**:

- ** Experience with the use of collaboration tools (e.g. SharePoint Online or other GRC like tools) for reporting purposes is strongly preferred;**:

- Detailed knowledge of how operational controls are implemented to meet compliance needs;
- Broad understanding of information security policies and standards, and regulatory/framework compliance;
- Strong communication skills, interpersonal skills, and presentation skills that allow effective interactions/communications with executives, business partners across regional and/or functional lines including the cascade of knowledge to the operating level;
- ** Superior co