Must have skills
Governance Risk Compliance (GRC), SSI: NON SSI:
Roles & Responsibilities:
Manage audits/reviews to assess the Application service control environment and evaluate adherence to client identified contractual requirements, Accenture policies and standards.
Driving development of a holistic application security audit program
Provide subject matter expertise to service delivery on risk, compliance, control and information security throughout the delivery.
Lead implementation and maintenance of risk self-assessment programs across service delivery.
Manage to ensure that the identified findings and actions are tracked to closure and reported to leadership. Facilitate sharing of learning from matters requiring interventions, such as incidents, initiate process improvements and updates to policies and standards.
Liaise with other Accenture functions, including Internal Audit, Global Asset Protection/CIRT, Information Security, and Risk and Quality Management/Quality Assurance, Legal/Contract Management, Policy teams, delivery centers, sales teams, and Accenture clients to ensure the risk management process is efficient and effective
Lead and coordinate preparation of service delivery for certification programs across contracts, such as SSAE16_ISAE3402/ SOC 2 audits.
As per requirement, support service delivery in preparation for client or industry specific certification and compliance programs, Sarbanes Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Medicines and healthcare products regulatory agency (MHRA), Utilization Review Accreditation Commission (URAC), Payment Card Industry (PCI).
Responsible for People Management such as but not limited to the following:
Provides team members with a clear sense of direction and understanding of one another's responsibilities
Structures activities/projects to enable reasonable workload and work/life balance
Provides individuals with positive and developmental feedback, promptly and openly
Maintains positive and effective work relationships with peers and clients/customers
Nice-to-Have Skills/Qualifications:
Data privacy and protection (sample qualifications: CIPM, CIPT, CIPP)
CISSP, CISM, CCSP, CCSK
SOC1 and SOC2 (SSAE16 / ISAE3402) awareness
Business Continuity and Disaster Recovery awareness (ISO 22301)
Qualifications:
Minimum of 3-4 year experience in Auditing principles and practices (sample qualifications: CISA, ISO 27001 Lead Auditor)
Minimum of 4-year experience in Application security/audit roles in Application development and maintenance service industry
(sample qualifications: EC-Councils CASE (Certified Application Security Engineer), CEH(Certified Ethical Hacker), Agile Methodology( Certified Scrum Master), DevOps Certification, CMMI for Development
Experience in secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST(Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption
Knowledge of Cloud services and security in cloud ( sample qualifications: Microsoft Azure/AWS/Google certifications)
Minimum of 4-year experience in Operational compliance requirements
Contract Management / Service Reporting
(including Service Level Agreements and Operational Level Agreements)
Risk management or assessment (sample qualification: CRISC)
Team and stakeholder management