The Security Compliance Review Analyst assist in the firm's overall risk management function by conducting reviews of information security and/or privacy related policies and procedures to determine the organizations compliance. Works with the Security Compliance Leader and the Enterprise Leader of Security and Privacy to develop:
A schedule of the policies and/or procedures to be reviewed
The review methodology to be used
The report format to be used to document the review activity and any material findings.
This position will may also assist in developing solutions to mitigate any material finds.
Takes direction from the Security Compliance Leader with input/involvement from the Firmwide Leader, Information Security and Privacy. May also have periodic interaction with the CIO and Firm Risk Management as projects warrant.
Developing a plan to review compliance with security and privacy related policies and procedures throughout the firm.
Monitors the firm's Information Security and Privacy Program compliance and effectiveness in coordination with the firm's other compliance and operational assessment functions.
Participates in short- and long-term planning.
Works with the SOC and HIPAA leaders to coordinate review activities to reduce repetitive activities and increase the overall effectiveness of the program.
Maintains working knowledge of Federal and State legislative and regulatory initiatives.
Assists in developing and implementing appropriate information security and privacy policies, standards, guidelines and procedures.
Works effectively with BU/DU/SDU Leaders and serves as a conduit to the firm's other information security personnel and the Firmwide Leader Information Security and Privacy.
Provides meaningful input and prepares effective presentations to communicate the results of security assessments to all levels of management.
Assists with investigations of information privacy violations and/or computer system breach. Works effectively as a member of the firm's incident response team with BU management, Firmwide Risk Management, Legal, and external law enforcement to address these instances.
Maintains current knowledge of applicable federal and state privacy/security laws and accreditation standards.
Assists Firm Risk Management, Legal and BU management with compliance reviews or investigations by external regulatory agencies, or firm clients.
Assists with the development of policy, training and process enhancements to mitigate and/or eliminate review findings.
Reviews instances of noncompliance and works effectively and tactfully to correct deficiencies. If prompt resolution cannot be obtained, escalates the issue to the Firmwide Leader Information Security and Privacy and the appropriate BU management.
Assists the Information Security Operations team to develop security and privacy training and orientation materials for all Crowe partners and employees, interns, contractors, and other appropriate third parties.
Initiates, facilitates and promotes activities to foster information security and privacy awareness within the organization.
Serves as an internal consultant to the firm on privacy and security matters.
Collaborates with other information security and privacy team members as needed or directed.
Makes recommendations for the improvement of operational processes and procedures to address or mitigate assessment findings.
Assists with firmwide risk assessment activities as needed.
Assist with the drafting and/or review of new policies and procedures as needed.
YOUR JOURNEY AT CROWE STARTS HERE:
At Crowe LLP, you have the opportunity to deliver creative solutions to today's complex business issues. Crowe's accounting, consulting, and technology personnel are widely recognized for their in-depth expertise and understanding of sophisticated process frameworks and enabling technologies, along with their dedication to delivering measurable results that help clients build business value. Our focus on emerging technology solutions along with our dedication to internal career growth and exceptional client value has resulted in a firm that is routinely recognized as a "Best Place to Work." We are 75 years strong and still growing. Come grow with us!
Bachelor's degree in Accounting, Computer Science, MIS, Information Systems or engineering fields, or equivalent experience required.
5 years' experience in an auditing or compliance review role.
CISSP or CISA Certification a plus.
Working knowledge of security and privacy guidelines and frameworks with a preference toward those in healthcare and financial services.
Flexible, agile and able to manage within ambiguity as necessary
Excellent organizational/project management and analytical skills.
Some travel required to perform job duties (< />
ABOUT THE TEAM:
Information Services (IS): Information Services manages the firm's infrastructure design and security, project management office, architecture, enterprise application services, client service and infrastructure and administration.
At Crowe, we know that great people is what makes a great firm. We value our people and offer employees a comprehensive benefits package.
Learn more about what working at Crowe can mean for you.
HOW YOU CAN GROW:
We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations.
Learn more about where talent can prosper.
MORE ABOUT CROWE:
Crowe (www.crowe.com) is one of the largest public accounting, consulting and technology firms in the United States. Crowe uses its deep industry expertise to provide audit services to public and private entities while also helping clients reach their goals with tax, advisory, risk and performance services. Crowe is recognized by many organizations as one of the country's best places to work. Crowe serves clients worldwide as an independent member of Crowe Global, one of the largest global accounting networks in the world. The network consists of more than 200 independent accounting and advisory services firms in more than 130 countries around the world.