Senior Governance, Risk, Compliance - Audit Security Advisor

SAS

Cary (NC)

Hybrid

USD 80,000 - 120,000

Full time

9 days ago

Job summary

Join a forward-thinking organization as a Senior Governance, Risk, Compliance - Audit Security Advisor. This role is pivotal in ensuring compliance with regulatory frameworks like PCI-DSS and ISO 27001. You will work closely with internal and external teams to assess and enhance security measures, contributing to the integrity of SAS Managed Cloud Services. If you thrive in a dynamic environment and are passionate about compliance and security, this is your opportunity to make a significant impact while enjoying world-class benefits and a flexible work environment.

Benefits

Comprehensive medical plans
401k plan
Generous vacation time
Childcare benefits
Volunteer Time Off
Onsite Health Care Center
Unlimited paid sick days
Paid parental leave
Winter Wellness Break
Prescription drug coverage

Qualifications

  • 8+ years of experience in project management or compliance roles.
  • Understanding of PCI-DSS, SOC 1, SOC 2, and HITRUST standards.
  • Experience in regulated industries like banking or financial services.

Responsibilities

  • Maintain compliance with PCI-DSS and other regulatory frameworks.
  • Collaborate with teams to implement security processes.
  • Conduct reviews to ensure compliance and certifications.

Skills

Project Management
Audit/Compliance/Risk Management
Information Security Best Practices
Data Privacy Practices
Regulatory Standards Knowledge

Education

Bachelor’s degree in Business Administration
Bachelor’s degree in IT
Bachelor’s degree in Computer Science

Tools

CISA
CISSP
ISO 27001

Job description

Senior Governance, Risk, Compliance - Audit Security Advisor - Hybrid | Cary, NC

Nice to meet you!

We’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.

We’re also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you're looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you'll find it here.

About the job

The Governance, Risk, Compliance – Audit team within SAS Legal Services is looking for an experienced Senior Security Advisor (Individual Contributor role) with banking and/or financial service experience who is agile, adaptable and efficient to help drive regulatory, contractual, and compliance frameworks related to SAS Managed Cloud Services hosted projects, SAS non-hosted internal projects, and SAS software. This role requires an understanding of information technology and security controls and how they are applied to an organization to meet various certification and regulatory compliance frameworks, primarily PCI-DSS.

As a Senior Governance, Risk, Compliance - Audit Security Advisor, you will:

  • Maintain an understanding of compliance requirements, standards, guidance, and interpretations and/or best practices, primarily PCI DSS but also may involve HITRUST, ISO 27001, and SOC 1&2.
  • Work with internal SAS teams and external third-party assessment organizations to support and evaluate SAS’ technical and organizational measures according to the requirements of regulatory and compliance frameworks, primarily PCI-DSS, but also may involve ISO 27001, HITRUST, and SOC 1 & 2.
  • Collaborate with Information Security, IT, and other teams to define and implement security processes and procedures based on industry standard best practices and relevant compliance requirements, which may include efforts related to:
    • Identification of control gaps and deficiencies.
    • Development of internal compliance programs to remediate the gaps.
    • Communication to applicable staff regarding requirements and procedures.
  • Conduct scheduled and ad hoc reviews of applicable environments required to maintain compliance and certifications.
  • Assist in the development of documentation and artifacts, in collaboration with other teams, to support program development.
  • Respond to security questionnaires from, and interact with, customers and prospects related to SAS’ ability to meet security controls.
  • Contribute and assist in preparing and maintaining control documentation (e.g., policies, procedures, and narratives).
  • Review hosting, security, and audit contract terms and ensure compliance with current policies and processes.
  • Must be a self-starter with the ability to work with little supervision, escalating issues, as appropriate.
  • Maintain an ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity.
  • Ability to handle multiple projects at the same time and solve problems.
  • Perform other duties, as assigned.

Required Qualifications

  • Bachelor’s degree in Business Administration, IT, Computer Science or related field.
  • 8+ years of functional experience in project management, management consulting, IT, audit/compliance/risk or related field.
  • 8+ years of experience in a regulated industry or working with customers in a regulated industry (i.e. banking, financial services). This experience may be concurrent with the above functional experience.
  • Equivalent combination of related education, training and experience may be considered in place of the above qualifications.
  • Understanding of best practices for information security and data privacy practices and processes.
  • Understanding of regulatory standards and assessments: PCI-DSS, SOC 1, SOC 2, ISO 27001, HIPAA/HITRUST.
  • Knowledge of IT or quality auditor procedures and tools (not financial/accounting).
  • You’re curious, passionate, authentic and accountable. These are our values and influence everything we do.

Preferred Qualifications

  • Auditor or security certification, such as CISA, IIA or CISSP, or equivalent professional certification and/or training.
  • Previous Internal Security Assessor (ISA) or Qualified Security Assessor (QSA) program participant.
  • Management consulting experience.
  • SAS software implementation or IT hosting experience.

World-Class Benefits

Highlights include...

  • Comprehensive medical, prescription, dental and vision plans.
  • Medical plan options include...
    • PPO with low annual deductible and copays.
    • HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
  • Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
  • An industry-leading 401k plan.
  • Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
  • Volunteer Time Off, parental leave and unlimited paid sick days.
  • Generous childcare benefits for all full-time employees.

Diverse and Inclusive

At SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Know Your Rights.

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.

#SAS
