Apply on Employer Site

CCC Intelligent Solutions · 23 hours ago

Senior Analyst, IT Compliance

United States

Full-time

Remote

Mid, Senior Level

$85K/yr - $125K/yr

4+ years exp

CCC Intelligent Solutions Inc. is a leading cloud platform for the insurance economy, creating intelligent experiences for various stakeholders. The Senior Analyst, IT Compliance will support the company's IT governance, risk, and compliance program by providing centralized audit support, enhancing IT governance frameworks, and collaborating with IT leadership to manage risks and compliance efforts.

Artificial Intelligence (AI)Cloud Data ServicesInformation TechnologyInsuranceInsurTechSaaSSoftwareTechnical Support

Responsibilities

Provide centralized audit and IT compliance support in the facilitation of all audit and other customer assessment requests and remediation efforts. Primary audits currently include IT SOX, SOC 1, and SOC 2

Assist in enhancing and maintaining IT Governance frameworks, policies, standards and procedures, and response plans

Drive consistency in the way IT risks are identified, controls are implemented and monitored, and share best practices and learnings across the company

Analyze current IT risks and identify/monitor emerging risks which can affect the company and work with leaders and IT managers to ensure existing and emerging risks are understood and appropriate mitigations are implemented

Facilitate IT risk and governance program activities, such as risk assessments, risk exceptions, risk ratings, business risk consultations, risk mitigation and remediation recommendations, and capability maturity assessments

Advise on and assist with maintaining oversight of the company’s remediation efforts for IT risk exposures, gaps, and deficiencies, and complete remediation validation to assess effectiveness of improved controls

Work with company IT leadership to assist and advise in the development, communication, and execution of Key Risk and Performance Metrics (KRI/KPI) and related tolerances, establish monitoring reports, and develop analysis and reporting to identify and communicate risk insights

Assist in facilitating company compliance of identified IT controls (ITGCs, Application, Cloud, Cybersecurity, etc.) as needed

Identify and resolve technical, operational, risk management, and organizational challenges

Develop and cultivate close working relationships and coordinate with executive and senior partners in other technology departments related to the program

Partner with control owners (first line), internal and external audit (third line), and corporate Compliance and Legal Teams to support independent reviews, risk assessments, and other customer needs

Provide support in the evaluation of risks and controls, particularly when evaluating the risk and controls of high-risk systems and applications

Facilitate and oversee training to address identified weaknesses in team member knowledge of requirements, policies, or procedures, and to foster a culture of compliance

Provide support in documenting technology controls and technological landscape

Qualification

IT auditingIT complianceCISA certificationRisk managementSOX compliancePolicy developmentProject managementCOBIT frameworkITIL frameworkISO standardsCISM certificationCISSP certificationTeam collaborationCommunication skills

Required

Bachelor's Degree in Computer Science, Management Information Systems, or other technology-related field

4+ years of experience in IT auditing, IT compliance, or related industry

Strong project management skills with inherent ability to drive multiple programs, stakeholders, and teams towards organizational goals

Experience developing frameworks and processes to drive a risk-based approach to incorporating standard frameworks such as COBIT, ITIL, ISO, COSO, and NIST into an enterprise compliance management process

Experience with SOX/working in a publicly held company

Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations

Ability to influence others at senior levels and establish credibility and working relationships with a wide range of corporate personnel, including technical operations, management, and executives as well as internal audit and external regulators

Capable of establishing and maintaining an effective program structure that emphasizes the coordination of resources across projects, managing deliverables between projects, and the overall costs and risks of the compliance programs

Experience with the development of formal written reports to communicate audit results and recommendations to management and business stakeholders

Ability to facilitate productive meetings and work successfully in a team-oriented environment

Strong ability to handle multiple competing priorities in a fast-paced environment

Preferred

Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certification preferred