Governance, Risk, Compliance- Audit Security Advisor- Hybrid 

Nice to meet you!

We’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.

We’re also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you're looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you'll find it here.

About the job

The Governance, Risk, Compliance - Audit team is looking for a Senior Governance, Risk, Compliance - Audit Security Advisor to be responsible for bridging the gap between compliance and information security by supporting policy and standards development, risk assessments, audits, and overall security controls guidance. The position is on a team that focuses on Compliance. You must have technical knowledge and/or experience in information security and the ability to communicate information security risk, controls, and mitigation strategy to management at all levels of the business across the enterprise.

As a Senior Governance, Risk, Compliance - Audit Security Advisor you will:

• Maintain an understanding and benchmark the following standards: ISO27001, ISO9001, ENS. Knowledge of other standards including: DORA, SOC, FedRamp
• Facilitate and ensure risks are identified, measured and tracked effectively.
• Identify control gaps and deficiencies and report to management.
• Conduct scheduled and ad hoc risk reviews of applicable environments required to maintain compliance and certifications.
• Support external assessment activities related to achieving required certifications and customer contractual requirements.
• Assist in the maintenance of SAS Cloud and security policy and process development and updates, while ensuring compliance with regulations and guidance.
• Effectively communicate to applicable staff SAS security requirements and procedures.
• Operate as a consultant, researching and recommending changes to enhance or streamline quality and information security policies and processes.
• Participate in security investigations and compliance reviews, as required by contract or regulation.
• Review SAS Cloud security contract terms and ensure alignment to current policies and processes.
• Coordinate responses to RFP and security questionnaires.
• Use of the IRM tool for managing risk and policy profiles, such as managing entity structures, build reporting dashboards, identifying and tracking of risk remediation.
• Perform issue remediation tasks such as analysis, documentation, follow-up and retesting in response to risk findings.
• Understanding of best practices for information security and data privacy practices and processes.
• Understanding of standards, best practices : SOC 2, DENS, CE +, BSI C5, GDPR, DORA, ISO 9001, ISO 27001, ISO 14001.

Required Qualifications

• 8+ years of experience in project or program management, management consulting, training, IT, audit/compliance or related field.
• Bachelor's degree in  IT, Computer Science, Project Management  or related  field
• Equivalent combination of education, training and experience may be considered in place of the above qualifications.
• Knowledge and experience with best practices / standards and regualtions  (ex: ENS, CE +, BSI C5, GDPR, DORA,ISO 27001, ISO 9001, ISO 14001).
• You’re curious, passionate, authentic and accountable. These are our values and influence everything we do. 

Preferred Qualifications

• Use and/or implementation of a GRC tool (ex: ServiceNow, Archer, Teammate, Thompson Reuters)
• Management consulting experience
• Experience with ServiceNow issue management ticketing system
• Auditor or security certification (ex: CISA, CISSP) and/or training
• Strong time management skills (schedules, prioritization).
• Excellent communication, analysis, and process flow skills.
• Ability to be flexible, display tact and diplomacy, and maintain confidentiality and integrity.
• Must have the ability to work with little supervision, escalating issues, as appropriate.
• Understanding of best practices for information security and data privacy practices and processes. 

Benefits Highlights

• Flexible working hours to support better your work-life balance and well-being.

• Develop your Career Journey with us, we support you with a development plan, internal mobility and training programs in SAS products and new professional skills.

• High-trust company culture and good team atmosphere that inspire you to do your best

• Our Recreation and Fitness center offers recorded fitness classes to help you fit movement into your day.
• Your well-being matters, and that's why we support all dimensions of your well-being by offering programs that reduce stress and distractions to help you remain healthy and productive.

Diverse and Inclusive

At SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

Additional Information:

SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, or any other characteristic protected by law.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.

#SAS