Lead Risk & Compliance

Year    TN, IN, India

Job Description

Provide management with expertise on IT general controls effectiveness and operational audit oversight. Provide guidance to Guardian's IT organization around IT general controls. Evaluate controls that are in place and ensure compliance with Guardian's corporate policies and regulatory requirements. Serve as lead to manage the IT Risk and Controls Book of Work, including testing for SOC1, SOC2, MAR (similar to SOX), Control Assurance, etc. Be able to leverage work across different assurance groups (i.e. MAR, PwC, Internal Audit, State examiners, etc.) to create efficiencies and eliminate redundancies. To achieve this objective, this position must work effectively with resources within the IT organization (infrastructure and development areas) as well as compliance resources across the entire firm and external auditors/examiners, and minimize work by leveraging audit findings and recommendations from one group to another.

Major Opportunities and Decisions:

  • Manage the IT Risk and Controls Book of Work, including managing the resources, and be able to pivot based on resource availability and activities.
  • Provide leadership to the analysts, ensure proper completion of activities, and manage escalation to senior leadership.
  • Provide solutions to IT areas to ensure proper controls are in place based on policies, regulations and best practices.
  • Perform the terminated worker quality assurance process, source report validation (prep for audit), spot-test manual access and investigate root cause, to help ensure controls are continuously operating effectively.
  • Manage remediated exceptions prior to formal retest by MAR, IA, and PwC auditors.
  • Educate and influence IT employees and management on internal control issues and best practices.
  • Leverage resources across IT and business areas as needed.

Principal Accountabilities: (List 6-8 major areas of responsibilities in order of importance, and purpose of these activities. In addition, identify percent of time normally spent and whether the activity is an essential or minor function.)

Based on the focus areas highlighted above, the following matrix expands upon these activities. Please note that the % of time varies depending on where the project is within its project life cycle.

Accountability: SOX/MAR expanded testing support and Reporting - 50%
Activity:
  • Expand SOX/MAR control testing to non-KFS based systems and components.
  • Educate platform/system owners on IT general controls (Logical Security Administration, Change Management, Computer Ops, etc.).
  • Work with owners on remediating any gaps identified and see it through to completion.
  • Ensure that controls are monitored and operating as appropriate.
  • Escalate un-remediated gaps to management.

Accountability: Work with the Application Access Mgt team to ensure completeness of the entitlement reviews - 10%
Activity:
  • Validate completeness and accuracy of OS and database entitlement reports (e.g., directly from sample components, and reconcile to the system-generated reports to ensure groups, subgroups, user and non-unique accounts, privileges, and all servers/DBs are in the reports) [AD, Wintel, DB2, UDB, SQL, AIX, Linux, Oracle].

Accountability: Monitor compliance with Guardian IT policies/GCSO - Password - 10%
Activity:
  • Through periodic inquiry and inspection of different platforms/servers/databases, ensure password attributes are set up according to Guardian policies.
  • Inspect any Fine-Grained Password Policy.
  • Ensure any default password set up is changed to comply with policies.

Accountability: Monitor compliance with Default/non-unique accounts controls - 10%
Activity:
  • Ensure all default accounts are disabled or renamed (e.g. Admin).
  • Through inspection, ensure access to all non-unique accounts that have interactive log-on capabilities is either restricted or monitored.
  • On a quarterly basis, ensure completeness of MAR in-scope accounts being monitored in Splunk/Sentrigo (AD, DB, Linux, etc.).

Accountability: Monitor compliance with Change management controls - 10%
Activity:
  • Ensure all system and application production changes are following Guardian Change Mgt methodology.
  • Ensure authorization, testing, and segregation of duties (access of administrators, developers and production implementers).

Accountability: Monitor compliance with Data backups and restore controls - 10%
Activity:
  • Ensure all production data are backed up according to the specified schedule (daily, weekly, etc.) through inspection of scripts configuration.
  • Ensure all alerts are set up appropriately for missed/failed backups.
Skills and Knowledge: (Identify core competencies, key specialties, technical, human relations or managerial skills, and knowledge areas necessary to accomplish responsibilities and desired end results.)

Education and Experience: (Identify types and length of education and experience needed to acquire the necessary skills and knowledge to accomplish the desired end results.)

Education:

  • Minimum Bachelor's Degree in Business Administration, Computer Science, Information Systems Administration or an alternative technology-related field

Experience:

  • Minimum of 6 years' experience, preferably with 2-3 years as an IT audit manager for a Big 4 or large regional/national accounting firm
  • Demonstrated expertise with IT processes, controls and related standards and best practices
  • Expertise with some US Internal Controls frameworks: e.g. COSO, COBIT, Sarbanes-Oxley / MAR, etc.
  • Strong proficiency in identifying and evaluating complex business and technology risks, internal controls to mitigate risks and related opportunities for improving automated/IT controls
  • Excellent knowledge and experience assessing and auditing IT systems and controls; networks and operating systems and/or application support, IT General Controls and IT Application controls
  • Independent self-starter with a strong work ethic, high degree of motivation and the ability to contribute to a positive team attitude; proven dedication to teamwork and integrity within a professional environment

Requirements:

  • Familiar with ITGC domains (LSA, Change Mgt, Computer Ops, etc.)
  • Available during US Eastern time business hours (M-F 9-5)
  • Strong communication skills and command of the English language
  • Strong MS Excel skills in formulas (VLOOKUP, CONCATENATE, TRIM, etc.)
  • Familiar with Windows (Active Directory) and user access/groups/permissions
  • Ability to analyze, create matrices, and update data from reports

Location:
This position can be based in any of the following locations:
Chennai
Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday



Job Detail

  • Job Id
    JD4631305
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Part Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    TN, IN, India
  • Education
    Not mentioned
  • Experience
    Year