
  • Posted: May 15, 2024
    Deadline: Not specified

    One Pyramid is focused on offering training and development activities that align your skill sets with global best practices. At the heart of our philosophy is remaining agile and dynamic, thereby providing quick time-to-value for our clients.

    Risk Analyst - Vendor Risk and Compliance

    Position Overview:

    • We are seeking to hire a talented Risk Analyst with expertise in IT, Supply Chain, or Cybersecurity to join our team.
    • The ideal candidate will be responsible for assessing vendor risk and compliance with security standards, ensuring alignment with organizational objectives and regulatory requirements.
    • The candidate will play a critical role in identifying, analyzing, and mitigating risks associated with vendor relationships, contributing to the overall security and resilience of our organization.

    Responsibilities:

    • Conduct comprehensive assessments of vendor risk and compliance with security standards, including evaluation of security controls, policies, and procedures.
    • Collaborate with cross-functional stakeholders to define risk assessment criteria, methodologies, and scoring frameworks, ensuring consistency and accuracy in risk analysis.
    • Evaluate vendor contracts, agreements, and service level agreements (SLAs) to identify security requirements and compliance obligations.
    • Analyze vendor security documentation, such as security questionnaires, assessments, and audit reports, to assess the adequacy and effectiveness of security measures.
    • Identify gaps, vulnerabilities, and areas of non-compliance with security standards, and develop risk mitigation strategies and remediation plans.
    • Communicate findings and recommendations to key stakeholders, including senior management, procurement teams, and vendor management offices.
    • Monitor and track vendor risk remediation activities, ensuring timely resolution of identified issues and compliance gaps.
    • Stay abreast of industry trends, regulatory changes, and emerging threats in IT security and supply chain risk management, and provide insights and recommendations to enhance organizational resilience.

    Requirements:

    • Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field. Master's degree preferred.
    • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification preferred.
    • Minimum of 4+ years of experience in risk management or vendor management roles, with a focus on IT security, supply chain, or cybersecurity.
    • Strong understanding of security frameworks and standards, such as ISO 27001, NIST Cybersecurity Framework, and GDPR.
    • Experience conducting risk assessments, security audits, and compliance reviews for vendors and third-party service providers.
    • Proficiency in risk assessment tools and methodologies, such as risk matrices, heat maps, and risk scoring models.
    • Excellent communication and interpersonal skills, with the ability to effectively engage and influence stakeholders at all levels of the organization.
    • Strong analytical and problem-solving abilities, with a demonstrated track record of identifying and mitigating security risks and compliance issues.

    Tools and Technologies:

    • Risk Assessment Tools (e.g., RSA Archer, OneTrust, etc.)
    • Vendor Risk Management Platforms (e.g., BitSight, RiskRecon, etc.)
    • Security Questionnaire Tools (e.g., Shared Assessments, SIG Questionnaire, etc.)
    • Document Management Systems (e.g., SharePoint, Confluence, etc.)
    • Microsoft Office Suite (Word, Excel, PowerPoint, Outlook).


    SOX Compliance Consultant

    • We are seeking a highly skilled SOX Compliance Consultant with a strong background in IT Audit and IT Controls to work with our client in the Asian Pacific Timezone (EU-TZ).
    • The ideal candidate will have extensive experience in Sarbanes-Oxley (SOX) compliance and a deep understanding of IT Governance, Risk, and Compliance (GRC) frameworks.
    • The candidate will be responsible for ensuring that our client’s IT systems and processes comply with regulatory requirements and industry best practices.

    Responsibilities:

    • Conduct risk assessments and gap analysis to identify areas of non-compliance with SOX requirements, and define systems and key IT General Controls in scope for SOX 404 yearly.
    • Develop and implement IT control frameworks and testing methodologies to ensure the effectiveness of internal controls.
    • Collaborate with cross-functional teams to assess IT processes, identify control requirements, control deficiencies, interpret issues, and recommend remediation actions in a timely manner.
    • Design and execute IT audit procedures to evaluate the design and operating effectiveness of IT controls, while communicating testing status and issues.
    • Prepare and maintain documentation of IT control processes, including control narratives, process flows, and control matrices.
    • Monitor and track remediation activities and implementation of controls to address control deficiencies identified during audits or assessments.
    • Provide guidance and training to IT and business stakeholders on SOX compliance requirements and control best practices.
    • Stay abreast of regulatory developments and emerging trends in IT compliance to inform continuous improvement efforts.
    • Able to handle a complex and rapidly changing IT business environment and respond accordingly to ensure successful completion of the IT SOX program.
    • Identifying opportunities for continuous improvement in the quality and efficiency of IT SOX programs, while maintaining sufficient IT-based knowledge, awareness of emerging trends, and professional certifications to meet the requirements of the Audit Charter.

    Requirements:

    • Bachelor's degree in Information Technology, Computer Science, Accounting, or a related field.
    • Certified Information Systems Auditor (CISA) or equivalent certification preferred.
    • Minimum of 6+ years of experience in IT audit, IT control, or SOX compliance roles.
    • In-depth knowledge of Sarbanes-Oxley Act regulations and requirements.
    • Strong understanding of IT governance frameworks, such as COBIT, ITIL, or NIST.
    • Experience with auditing IT general controls (ITGCs), application controls, and automated controls.
    • Proficiency in conducting risk assessments, control testing, and audit documentation.
    • Excellent communication and interpersonal skills, with the ability to effectively engage and collaborate with stakeholders at all levels.
    • Detail-oriented mindset with strong analytical and problem-solving abilities.

    Tools and Technologies:

    • Microsoft Office, SAP, Linux, Windows Servers, Active Directory, ASI and Mainframe.
    • Audit Management Software (e.g., TeamMate, ACL, etc.)
    • Governance, Risk, and Compliance (GRC) Software (e.g., RSA Archer, MetricStream, etc.)
    • IT Audit Tools (e.g., IDEA, ACL, etc.)
    • Document Management Systems (e.g., SharePoint, Confluence, etc.)

    Method of Application

    If you are passionate about this role, send your resume to jobs@onepyramid.com
