Risk Assurance Associate

As a Risk Assurance Associate, you will be part of our Global Trust department that covers information security, privacy, and product security risks and certification and will report to one of the Risk & Compliance Managers/Counsel. You will collaborate with members of the entire Global Trust department as well as the ­­­­­Clinical Risk, Clinical Safety, and Compliance teams to support the risk management and assurance support across InterSystems products, services, and operations.

The Risk Assurance Associate responsibilities will include:

• Generating risk reports and assessments on technology risks, processes, and controls.
• Support of investigation of internal control incidents or control failures, including data breach incidents

current and emerging technologies which may include cloud services (SaaS, PaaS, IaaS), web development tools, virtualization, UNIX, Linux, Windows, and networking and security technologies.

• Supporting audits for ISO 27001/ISO 27002, SOC 2, HITRUST, NIST SP 800-53, CSTAR (CAIQ), ISO 27017/27018/27701, OWASP, SLSA, NIST CSF, and/or other leading business and IT control frameworks.
• Capturing key risk indicators for domains of information technology general controls, including change management, access to programs and data, computer operations and systems development, cybersecurity and resiliency frameworks.
• Reporting and gathering information on key risks and controls, knowledge of privacy/security/risk management controls readiness, controls optimization, including the configuration of controls around security, privacy, business process and within IT environments.
• Supporting review of control failures including working with internal and external parties for evidence collection and evaluation, root cause determinations, and recommendation development for Plan of Action and Milestone corrective actions.
• Applying internal control principles and business/technical knowledge including information technology general controls and application controls; risk reporting concepts; working experience applying professional skepticism skills.
• Assisting with the adaption of work programs and practice aids, as well as perform assessments, using relevant tools to evaluate controls, security, SOD, and potential for optimization.
• Exhibiting project management skills, including developing project plans, resource budgets, and deliverables schedules.
• Creating a positive environment while meeting management expectations. This includes providing candid, meaningful feedback in a timely manner and keeping leadership informed of progress.
• Assisting with interactions with customers on solutions and reviewing projects on customer engagements (implementations).

Required Qualifications:

• 1+ years of auditing or risk management
• Bachelor’s degree in one of the following: Accounting, Finance/Economics, Management, Information Systems, Computer Science, Business, Science, Technology, Engineering & Mathematics and/or other business field of study

Preferred Qualifications:

• Certifications such as CIPM, CISA, GSNA, CRMA, or CCSA
• Experience and knowledge around controls with risk reporting, compliance, and operational processes within an organization as an auditor or business process specialist, including business process and IT management control.

We are an equal-opportunity employer and do not discriminate because of race, color, religion, sex, national origin, ancestry, marital status, veteran status, age, disability, sexual orientation or gender identity or expression or any other legally protected category. InterSystems is an E-Verify Employer in the United States.