Site of Employment:
Quanta Philippines ROHQ (Local Employment) - Quezon City
DUTIES AND RESPONSIBILITIES:
Completes individual assignments or leads teams in initiatives as assigned by the supervisor.
- Review access controls and user access permissions for all systems and data repositories used in the process. Provide an analysis based on controls to determine if the permissions are appropriate and identify any necessary changes.
- Test the effectiveness of IT controls by performing extensive data reconciliation of documents using Microsoft Excel, SQL, or similar tools.
- Responsible for the monitoring of overall adherence to the IT General Controls (ITGCs) through regularly scheduled reviews of in-scope technical areas.
- CONTROL DEPLOYMENT/VALIDATION
- Document and maintain all business process maps, data lineage, and process narratives to ensure the accuracy, timeliness, and completeness of information.
- Assist in analyzing data flows of financial processes from a technical perspective and identifying the systems involved, including applications, interfaces, shares/folders, and databases.
Reviews and provides guidance from a compliance perspective across areas such as application controls, logical access controls for applications, operating systems and databases, backup and recovery procedures, change controls, pre- and post-deployment assessments, user administration, perimeter security, network/application architecture, and selected configuration management controls on technical platforms such as ERPs, AP/PO systems, Expense Approval systems, databases (MS SQL, Oracle, etc.), operating systems (Windows, Linux/Unix), middleware (Boomi), etc.
- Works with IT to close issues through oversight and review of remediation plans and accompanying evidence.
- SOC 2/ISO 27002 Audit/Support
Understand AICPA trust service criteria controls to support SOC 2 and ISO 27002 audits by maintaining documentation for monitoring controls.
- Assist with oversight functions to collect evidence for monitoring and validation of controls from stakeholders.
Set up and maintain an audit schedule. Prepare data requests based on the controls that need to be tested, create requests for stakeholders for evidence, or run reports where access is available. Provide information to the audit team and coordinate follow-up questions.
- Third-Party Risk Assessment
- Conduct thorough research using online resources to gather software-related data, including features, security, licensing, pricing, and vendor details.
- Collect information regarding the security posture of the vendor using industry-standard framework questionnaires.
Engage with customers and software vendors via email and calls to gather additional/follow-up information and validate existing data.
EDUCATION AND EXPERIENCE:
- Required Education and Experience
Bachelor's degree in MIS, Information Systems, Computer Science, Engineering or Accounting MS
- 2 plus years of experience in areas listed above or expertise in areas such as IT Compliance, IT Audit, IT Security, etc.
- Working knowledge of standards and frameworks such as ISO, SOC, ITIL, COBIT, PCI-DSS
- US hours (CST, Night Shift)
- Preferred Licenses/Certifications
CISA, CIA, CPA, CISM, CISSP, MCP, MCSE, CCNA, CompTIA: at least 1 certification required; other certifications applicable to the job are desired but not required.
Job Type: Full-time
Schedule: Evening shift
Application Question(s):
* This position requires you to work in the office; are you willing to work on-site?