SAS Institute Inc.
Compliance Programs Manager
at SAS Institute Inc.
- Requisition ID
- Job Category
- Hiring Manager: Cathy Smith
- Employee Referral Bonus: Not Offered
- Matt Rock
As an Audit & Compliance Programs Manager, you will help ensure that staff working on Global Hosting and US Professional Services (GHUSPS) projects operate within the policies and procedures set forth by GHUSPS as well as applicable company, state, federal, and international laws. A secondary focus is to operate in a consulting role, auditing and facilitating remediation of continuous improvement efforts across the business.
- Plan and lead internal inspections, audits and benchmarking of security policies against regulations and standards (e.g., ISO 27001, HIPAA, IRS 1075, NIST 800-53, FedRAMP).
- Advise and assist with annual IT security risk assessment activities and required remediation based on chosen standard(s) across applicable SAS teams and divisions.
- Conduct risk assessments to determine risks to be included in the annual audit plan.
- Advise on compliance, audit and/or security requirements within the government market.
- Assist with maintaining a library of up-to-date standard audit programs and checklists.
- Prepare or customize audit procedures to align with ISACA and other professional organization audit standards.
- Participate in security investigations and compliance reviews, as required by customer requirements or internal or external audits.
- Operate as a consultant, researching and recommending changes to enhance or streamline quality and information security procedures, including internal and external auditing.
- Review hosting, security, and audit contract terms and ensure compliance with current policies and processes.
- Help maintain the Quality Management System, including hosting IT and security policy and process development and updates, while ensuring compliance with regulations and regulatory guidance.
- Interface with customer auditors to discuss security or IT hosting operations-related concerns during pre- and post-sales activities.
- Effectively communicate with, facilitate, present to, and train both technical and non-technical audiences, small and large, regarding hosting and security requirements and procedures.
- Coordinate responses to RFP and security questionnaires.
- Must have the ability to work with little supervision, escalating issues as appropriate.
- Maintain an ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity.
- Strong ability to handle multiple projects at the same time and solve complex problems.
- Perform other duties, as assigned.
- Bachelor's degree in Business, IT, Computer Science or related field.
- 3+ years of functional experience in project management, management consulting, IT, audit/compliance or related field.
- 2+ years of experience in a regulated industry (e.g., pharmaceutical, banking, insurance, and/or government). This experience may be concurrent with the above functional experience.
- Understanding of best practices for information security and data privacy.
- Understanding of regulatory standards: FDA Part 11, PCI, FISMA/NIST 800-53, or IRS 1075.
- Knowledge and experience with best practices/standards: ITIL, COBIT, GAMP5, or ISO 27001.
- Knowledge of IT or quality auditor procedures and tools (not financial/accounting).
- Use and/or implementation of a GRC tool (e.g., ServiceNow, Archer, Teammate, Thomson Reuters).
- Management consulting experience.
- Experience with ServiceNow issue management ticketing system.
- Auditor or security certification, such as CISA, IIA or CISSP, or equivalent professional certification and/or training.
- SAS software implementation experience or prior implementation experience.
- IT hosting experience.
Additional Abilities and Skills:
- Ability to travel as business requirements dictate and at management discretion (usually up to 15%).
SAS looks not only for the right skills, but also a fit to our core values. We seek colleagues who will contribute to the unique values that make SAS such a great place to work. We look for the total candidate: technical skills, values fit, relationship skills, problem solvers, good communicators and, of course, innovators. Candidates must be ready to make an impact.
To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law.
Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.