Sr. Auditor, Cybersecurity

Overview:
Recruiter: Montserrat Tavares

Position reports to: Brandon Sauve

STATEMENT:
This position is intended to assist the Company to accomplish its objectives by bringing a disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Additionally, this role is expected to support the Cybersecurity Governance Risk and Compliance team in IT risk assessments and compliance related activities.

DETAILED RESPONSIBILITIES:

- Independently perform periodic review under System Access Review (“SAR”) and General Data Protection Regulation (“GDPR”) and related compliance programs.
- Define and document business and technical requirements for Identity and Access Management systems, including requirements for establishing role, entitlements and access definitions, defining the provisioning lifecycle processes, user account lifecycle processes, reconciliation, certification, provisioning, and de-provisioning processes.
- Act as a team lead and SME with respect to the System Access Reviews for the IAC team.
- Independently perform periodic testing of Cybersecurity/GTS department processes for compliance with requirements of Herbalife policy, procedures, third party contract terms, and various government regulations
- Independently perform Cybersecurity audit deficiency root cause analysis, remediation design, tracking, effectiveness/validation testing and status reporting to management
- Provide significant direct support for 3+ of the Cybersecurity Compliance Programs including but not limited to (Cybersecurity Compliance, Training, IT Audit, Remediation Tracking, Document Management, SOX ITGC Testing, External and Internal Audit support, Robotic Process Automation, Risk Management, Reporting, Monitoring)
- Provide inputs to evaluate existing processes, tools, and services and suggest new ones that most effectively reduce risk, enhance operational effectiveness, and improve processes.
- Cultivate and maintain relationships with key stakeholders at varying organizational levels
- Other duties as assigned

SUPERVISORY RESPONSIBILITIES:
None.

Job Qualifications:
REQUIRED QUALIFICATIONS:
(Please be sure that each of the qualifications listed in this section are truly required to perform the essential functions of the job. If not, they should reside in the PREFERRED QUALIFICATIONS section.)

**Skills**:Soft Skills:

- Strong customer focus (fast turn-around on assignments, empathetic, polite, business appropriate in behavior, good listening and problem-solving skills)
- Able to meet high volume of work assignments over short time frames, to required quality standards
- Calm under pressure
- Self-confident but open to positive criticism
- Able to effectively take direction from supervisor
- Strong analytical skills (critical thinking, root cause analysis, problem identification/ resolution, data analysis for underlying meaning and trends, and information gathering)
- Process minded/driven (able to understand, leverage and think quickly in terms of best practices in documentation and workflow
- High degree of flexibility, adaptability, with willingness and ability to evolve with the job
- Successful working independently or as part of a high-performance team
- Strong written and verbal communication skills (documentation, facilitation and presentation skills
- Ability to multi-task, prioritize and complete tasks with general supervision

Technical Skills
- Effective in use of Word to create procedure documents
- Effective in use of Visio to create operations process flow diagrams
- Effective in use of Excel to create/manipulate tracking sheets, charts and graphs (e.g., pivot tables, vlookup)
- Familiar with relational database concepts and user provisioning process.
- Strong computer skills, including MS Office

Languages:

- Advance in English.

**Experience**:

- Identity & Access Management
- Security & Risk
- Evaluating the design and operational effective of Technology Security Controls
- Identity Governance and Administration
- Understanding of Audit & Risk Controls for technology systems
- 3+ Years audit or compliance experience, including SOX

**Education**:

- Bachelor’s Degree or 4+ years of audit or compliance experience
- One or more information Security or Audit certifications (e.g., CISSP, CISM, CISA) is a plus.

PREFERRED QUALIFICATIONS:
(Note: These are additional requirements BEYOND what is required to be considered for the role.)
- Sarbanes Oxley IT audit experience and Access controls
- Oracle segregation of duties
- Oracle Governance, Risk and Compliance Controls Suite formerly Logical Apps
- Experience with COBIT & Information Technology Infrastructure Library (ITIL) standards and the associated domain areas
- Experience with COSO, ISO standards or CIS Controls
- Advanced documentation / business writing experienced
- Big 4 audit experience
- Certificate of Internal Audit (CIA) or Certificate of Information Systems Audit (CISA) certi