IT Risk and Compliance Lead
Accenture Security helps organizations prepare, protect, detect, respond, and recover along all points of the security lifecycle. Cybersecurity challenges are different for every business in every industry. Leveraging our global resources and advanced technologies, we create integrated, turnkey solutions tailored to our clients’ needs across their entire value chain. Whether we’re defending against known cyberattacks, detecting and responding to the unknown, or running an entire security operations center, we will help companies build cyber resilience to grow with confidence. Our team of the security sector’s brightest people use the coolest tech to out-hack the hackers and help clients build resilience from within. We blend risk strategy, digital identity, cyber defense, application security and managed service solutions to rethink the entire security lifecycle.
Passionate about security, love what you do and have a genuine desire to outsmart the bad guys. You have the experience to analyze a clients’ security posture, anticipate security requirements and help find right-sized solutions based on industry leading practices. You have a proven track record working successfully in a fast-paced, team-oriented environment. You’re a creative, analytical problem solver with above average documentation skills who can speak to both technical and non-technical audiences. Can apply deep security skills to design, build and protect enterprise systems, applications, data, assets and people for Accenture and our clients. You are eager to put your skills to use by helping us help our clients inject security at every level of their organization.
- Driving cybersecurity assessments including maturity assessments using NIST CSF or FAIR methodologies.
- Driving large Governance, Risk and Compliance projects / programs.
- Driving security and controls work for various cybersecurity and privacy regulations.
- Understanding and overseeing control standards (PCI DSS, COBIT, ISO27001, NIST 800:53, HITRUST, GDPR, CCPA), and control testing strategies.
- Applying cyber compliance / risk management knowledge, internal control principles and technical knowledge across cyber risk and compliance engagements.
- Developing and executing a detailed project plan, assessment approach, and overseeing the delivery team through team management (e.g., resource allocation, daily stand-ups), client coordination and quality review
- Participating in development and delivery of training curriculum and participating in hiring and coaching activities for the Managed Risk Services team.
- Participate in the full delivery of various cyber risk and security engagements serving multiple clients across different industries.
- Consult to gather requirements and understand our clients' key challenges and work with senior team members to advise on practical and cost-effective solutions to help mitigate our clients’ cybersecurity risks and challenges.
- Conduct information security risk assessments, including risk/issue intake/identification, triage and treatment plan preparation and tracking in accordance with our client Information Security and Compliance Frameworks as well as regulatory standards and requirements (i.e., SOX, PCI, ISO, SOC2, GDPR).
- Perform test of controls for privacy including driving preparations, conducting walkthrough meetings, preparing narratives, and assembling other evidence as needed to support testing conclusions.
- Perform IT control assessments/testing and assist with continuous monitoring activities, and help remediate any control deficiencies or findings
- Prepare control testing scripts, plans, agendas to help the client through test execution process
- Assist with ongoing IT controls related functions, such as performing vendor reviews, user access reviews and risk assessments.
- Understand relevant security and privacy regulatory compliance requirements and be able to translate those into business processes and security controls to enhance and support client’s compliance and audit capabilities.
- Articulate and defend IT controls testing approach and perform test of design and operating effectiveness.
- Establish and maintain effective working relationships with colleagues, existing clients, and prospective client organizations.
- Participate in relevant community events that align to personal interests and provide the opportunity for you to build your professional brand.
For now, all Accenture business travel, international and domestic, is currently restricted to client-essential sales/delivery activity only.
Please note: The safety and well-being of our people continues to be the top priority, and our decisions around travel are informed by government COVID-19 response directives, recommendations from leading health authorities and guidance from a number of infectious disease experts.
Here’s What You Need
- Minimum of 3 years of experience testing IT security controls including experience managing and facilitating client control testing efforts
- Minimum of 3 years of experience preparing/overseeing control testing scripts, plans and agendas to help the client through test execution process
- Minimum 2 years’ experience leading external and internal auditors, e.g., PCI-QSAs.
- Minimum 2 years’ experience creating technical documentation and compliance reports overseeing in a client facing role
- Bachelor's degree or equivalent (minimum 12 years) work experience. (If Associate’s Degree, must have minimum 6 years work experience)
As required by Colorado law under the Equal Pay for Equal Work Act, Accenture provides a reasonable range of compensation for roles that may be hired in Colorado. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific office location. For the state of Colorado only, the range of starting pay for this role is 113k to 168k and [Register to View]
Equal Employment Opportunity Statement
Accenture is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation.
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Accenture is committed to providing veteran employment opportunities to our service men and women.
For details, view a copy of the [Register to View] .
Requesting An Accommodation
Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.
If you would like to be considered for employment opportunities with Accenture and have accommodation needs for a disability or religious observance, please call us toll free at 1 [Register to View] , send us an [Register to View] or speak with your recruiter.
Other Employment Statements
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.