Previous Job
Information Technology Compliance Analyst
Ref No.: 17-04756
Location: Washington, District of Columbia
My customer, an international financial organization located in Washington, DC has a 6+ month contract position available for a Information Technology Compliance Analyst.
Position Overview:
The Office of Information Security (OIS) ensures that security efforts throughout the Group are coordinated and aligned with the Bank's business and IT strategy. This Office delineates the Group's information security plans and ensures, in coordination with the Information Security Council, that resources and all implementation of plans, procedures, and standards are reviewed, supported, and deployed in the most effective and efficient manner and are consistent with overall risk management. The Office of Information Security needs a suitable resource to support the Compliance functions. The Analyst should be able to support Compliance function, wherein s/he will be expected to validate Key Controls in ITGC areas and assist in Control implementation and documentation of Processes and procedures to address internal controls over Financial Reporting requirements. S/he will be expected to develop test plans and procedures to access the effectiveness of controls and capable to assist in ISO 27001 & 27000 certification efforts.

Essential Job Functions:
• Assist in the development and implementation of sustainable compliance framework and processes in to meet IT policies, business requirements, and applicable legal and regulatory requirements
• Conduct IT Technology and process audits as well as compliance assessments based on COBIT, ISO 27001 & ISO 20000 frameworks.
• Assist in controls implementation, including documentation of processes and procedures to address Internal Controls over Financial Reporting (ICFR) requirements for the IT General Computer Controls (ITGC) for Information Security, Change Management, and IT Operations areas
• Independently assess the design effectiveness of IT General Computer Controls for Information Security, Change Management, and IT Operations
• Develop test plans and detailed test procedures to assess operating effectiveness of the IT General Computer Controls for Information Security, Change Management, and IT Operations
• Assess compliance against technical standards for various platforms and technologies.
• Collect, evaluate, and maintain data to ensure that required management reporting is completed as needed (this also includes inputting appropriate data into systems such as RSAM & Bwise)
• Assist in ISO 27001 & ISO 20000 certification efforts, including risk assessments, internal compliance assessments, and program management
• Assist in monitoring open audit items form audits, such as WBG internal audit department (IAD) IT audits, external financial audits on Internal Controls over Financial Reporting (ICFR), and ISO 27001 & ISO 20000 certification audits to ensure execution of remedial activities defined in the agreed action plans and risk treatment plans
• Perform other duties in the compliance work program, as assigned

Educational Qualifications and Experience:
• Education: MA/MS (In Computer Science, Information Systems or a related technical field or equivalent combination of education and experience. BS/BA is minimum education requirement.)
• Role Specific Experience: Minimum 5+ years' experience working in an information security, information technology or compliance related field;
• Experience in conducting design and operating effectiveness testing for the ITGCs
• Demonstrated experience in implementing compliance frameworks for financial services organization or organizations with similar information security needs and requirements
• Experience in conducting assessments, designing processes, and implementing SOX controls for the IT General Computer Controls (ITGCs) areas for the IT General Computer Controls (ITGC) for Information Security, Change Management, and IT Operations
• Experience in auditing platforms (UNIX, Windows) and databases (Oracle);

Certification Requirements:
• Industry certifications highly preferred, including but not limited to Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and Information Systems Security Management Professional (ISSMP)

Required Skills/Abilities:
• Familiarity and understanding of broad range of IT hardware and software products
• Good understanding of industry standards and regulations including COBIT, COSO, and SOX
• Good knowledge and demonstrated work experience of the use of ISO 27001 control framework and Information Security Management System (ISMS) implementation
• Demonstrated knowledge of IT and security controls for network, database, application and operating systems. Strong knowledge and work experience with logical access controls
• Knowledge of ERP and financial system including but not limited to SAP, PeopleSoft and Summit, Enterprise GRC systems such as BWise and RSAM
• Self-motivated with the ability to work independently and within groups with minimal supervision
• Excellent written and verbal communication skills, presentation, and problem solving skills, and ability to interact well with peers and internal customers
• Highest ethical standards

Contractor Benefits*
*benefits are available only to W2 Contractors
Who is NTT Data?
NTT DATA is a leading IT services provider and global innovation partner with 80,000 professionals based in over 40 countries. NTT DATA emphasizes long-term commitment and combines global reach and local intimacy to provide premier professional services, including consulting, application services, business process and IT outsourcing, and cloud-based solutions. We're part of NTT Group, one of the world's largest technology services companies, generating more than $100 billion in annual revenues and partner to 80% of the Fortune 100. Visit to learn how our consultants, projects, managed services, and outsourcing engagements deliver value for a wide range of businesses and government agencies.
The Company is an equal opportunity employer and makes employment decisions on the basis of merit and business needs.  The Company will consider all qualified applicants for employment without regard to race, color, religious creed, citizenship, national origin, ancestry, age, sex, sexual orientation, genetic information, physical or mental disability, veteran or marital status, or any other class protected by law.  To comply with applicable laws ensuring equal employment opportunities to qualified individuals with a disability, the Company will make reasonable accommodations for the known physical or mental limitations of an otherwise qualified individual with a disability who is an applicant or an employee unless undue hardship to the Company would result.