Previous Job
Principal, SaaS Compliance - 3
Ref No.: 18-08804
Location: Santa Clara, California
This position is responsible for partnering with the business to design, monitor, and implement effective process controls in accordance with compliance and regulatory requirements and in alignment with the organization's strategy, goals and risk tolerance. Develop process control designs that are practical and balanced from both an effort and cost perspective while ensuring appropriate risk mitigation. As a partner to the business, stay informed of the changing business needs and effectively plan and execute change initiatives, ensuring alignment with desired outcomes. Lead the development and implementation of a global SaaS risk assessment program that appropriately addresses the data, systems and infrastructure risks for the company. Ensure ongoing alignment of SaaS Risk & Compliance efforts with CA's overall Risk Management strategy. Plan, organize and manage assignments of an SaaS Risk & Compliance function while learning to lead other professional staff. Foster relationships with the business to understand the key business drivers and stay informed of changing business strategies. Evaluate risks, controls and provide analytical data to allow business partners and management to make informed business decisions that are compliant with internal policies, procedures and applicable regulations. Measured on the goal of strong and effective processes, not just audit and reporting functions. Depending on the maturity of the process, provide subject matter expertise to develop and lead the work to define and implement controls and risk mitigation activities. Continually assess effectiveness, be able to make effective change recommendations, test the work, and if necessary help implement and remediate issue with emphasis on change impact, project management and leadership. Provide expertise in risk management, internal controls and corporate processes by understanding current trends and issues within the organization and business community. Stay well-informed on latest regulatory requirements, research best practices and use continuous process improvement disciplines and applicable control, risk and process frameworks to achieve results. Lead testing activities (e.g., SOC / SSAE, PCI/DSS), including internal control risk assessments, deficiency evaluations, risk mitigation recommendations and design automated control solutions. Drive activities by coordinating between SaaS, business and the external auditors ensuring that the objectives and scope are clearly communicated, information provided is relevant and complete, disruptions to the daily business operations are minimized, and identified risks are mitigated. Analyze compliance and audit results to provide guidance and insight to identify systemic issues. Decisions have significant impact to the facility/department or division, causing increased satisfaction or dissatisfaction; producing efficiencies or delays; promoting or inhibiting personal intellectual or professional development; and/or contributing to financial gain or expense. Errors may be serious, usually not subject to direct verification or check, causing losses such as improper cost calculations, overpayment or improper utilization of labor, materials or equipment.

Wide-ranging experience, use professional concepts and company objectives to resolve complex issues in creative and effective ways. Effectively provide solutions to problems, drive to root cause and communicate root cause analysis of process deficiencies to all levels of management. Extensive knowledge of and skill in applying CoBIT, IIA, COSO, ISO, ITIL, Data Privacy, PCAOB, and preferred best business practices. Extensive experience and knowledge in Information Technology; an increased level of proficiency in operating systems, middleware and databases. Work to develop industry-level knowledge on risk assessments and risk mitigation strategies and techniques. Formal auditing skills required. Facilitation and organizational change management skills to include the application of facilitation tools and techniques. Exceptional interpersonal skills in areas such as teamwork, facilitation and negotiation. Understanding of the political dynamics of the enterprise and how to navigate them. Excellent written and verbal communication skills. Excellent planning and organizational skills. Proven ability to manage concurrent complex projects. Ability to effectively manage time and costs through activity duration, sequencing, estimating, schedule development and control, resource planning and cost estimating and budgeting and control using program management practices. Proven ability to manage programs across global centers. Ability to effectively manage risk through risk identification, quantification and control using formal program management practices. Ability to understand the long-term ('big picture') and short-term perspective of situations. Ability to estimate the financial impact of alternatives. Ability to apply multiple technical solutions to business problems. Ability to quickly comprehend the functions and capabilities of new technologies. Expected to understand and apply system management, performance timing and troubleshooting techniques. Remain unbiased toward any specific vendor or technology choice; is more interested in results than personal preferences. Display intellectual integrity. Ability to partner with business operating units to drive process improvements, automated solutions and implements remediation activities to achieve desired results. Extensive skill in planning and project management, and in maintaining composure under pressure while meeting multiple deadlines. Skill in negotiating issues and resolving problems of high complexity. Interpret department strategies and services, resolve conflicts, influence outcomes on matters of significance for the division, conduct final negotiations and coordinate approvals/decision making below the executive level. Required to handle and resolve conflict within team, external departments and external auditors.