Governance, Risk, Compliance - Audit Security Advisor (6-Months Contract) - Greensboro

Governance, Risk, Compliance - Audit Security Advisor (6-Months Contract) - Hybrid | Cary, NC

Nice to meet you!

We’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.

We’re also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you're looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you'll find it here.

About the job

This role requires an understanding of information technology and security controls and applying them on to an organization to meet various certification and regularly compliance frameworks, such as ISO 27001, NIST 800-53, HITRUST, SOC 1&2, and PCI-DSS.

As a Governance, Risk, Compliance - Audit Security Advisor, you will:

• Maintain an understanding of compliance requirements, standards, guidance, and interpretations and/or best practices, including NIST 800-53, HIPAA, ISO 27001, SOC 1&2 and PCI-DSS.
• Identify control gaps and deficiencies and report to management.
• Conduct scheduled and ad hoc reviews of applicable environments required to maintain compliance and certifications.
• Support external assessment activities related to achieving required certifications and customer contractual requirements.
• Assist in the development of documentation and artifacts, in collaboration with other teams, to support program development.
• Respond to security questionnaires from customers and prospects
• Collaborate with the Information Security, IT, and other teams to define and implement security processes and procedures based on industry standard best practices and relevant compliance requirements.
• Contribute and assist in preparing and maintaining control documentation (e.g., policies, procedures, and narratives)
• Effectively communicate to applicable staff SAS security requirements and procedures.
• Identify areas for streamlining compliance procedures.
• Review hosting, security, and audit contract terms and ensure compliance to current policies and processes.
• Respond to RFP and security questionnaires from customers and prospects.
• Must be a self-starter with the ability to work with little supervision, escalating issues, as appropriate.
• Maintain an ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity
• Ability to handle multiple projects at the same time and solve problems
• Perform other duties, as assigned

• Bachelor’s degree in Business Administration, IT, Computer Science or related field.
• 4+ years of functional experience in project management, management consulting, IT, audit/compliance/risk or related field.
• 2+ years of experience in a regulated industry or working with customers in a regulated industry (i.e. pharmaceutical, banking, insurance, and/or government). This experience may be concurrent with the above functional experience.
• Equivalent combination of related education, training and experience may be considered in place of the above qualifications.
• Understanding of best practices for information security and data privacy practices and processes.
• Understanding of regulatory standards: SOC 2, FISMA/NIST 800-53, ISO 27001, HIPAA.
• Knowledge and experience with best practices /standards: ITIL, COBIT, GAMP5, or ISO 27001.
• Knowledge of IT or quality auditor procedures and tools (not financial/accounting).
• You’re curious, passionate, authentic and accountable. These are our values and influence everything we do.

• Use and/or implementation of a GRC tool (ex: ServiceNow, Archer, Teammate, Thompson Reuters).
• Management consulting experience.
• Auditor or security certification, such as CISA, IIA or CISSP, or equivalent professional certification and/or training.
• SAS software implementation or IT hosting experience or prior implementation experience.

World-Class Benefits

• Comprehensive medical, prescription, dental and vision plans.
• Medical plan options include...
• PPO with low annual deductible and copays.
• HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
• Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
• An industry-leading 401k plan.
• Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
• Volunteer Time Off, parental leave and unlimited paid sick days.
• Generous childcare benefits for all full-time employees.

Diverse and Inclusive

Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

Additional Information:

Read more: Know Your Rights. Also view the Pay Transparency notice.

SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.

#SAS