Compliance, Internal Auditor
Certara - st. louis, MO
Apply NowJob Description
Overview As a Compliance Internal Auditor in the Compliance Standards & Data Privacy organization within Certara, you are part of a global, fast-paced IT organization with the primary mission to provide capable & resilient world class oversight and guidance to professional services, software, and corporate business units ensuring our team members have the ability to perform as the highest level in service of our customers. The Compliance Standards & Data Privacy function relies on experience and judgment to plan and accomplish goals through implementation of GRC best practice methodologies, governance, and tooling. The Compliance Internal Audit role will assist with the implementation and verification of Certara's compliance program(s), including correlating audit management and customer touchpoints. Working across disciplines, the role will help drive consistency of the GRC program and provide responsive support for internal stakeholders in the delivery of consultancy services and software to customers. The role requires understanding of consulting services & software organizations as well as internal corporate functions. This is a hands-on position and requires top notch organizational and time management skills to ensure requests are completed. Responsibilities Controls & Compliance o Work with business and technology delivery teams to maintain an effective suite of applicable compliance controls, adapting to changes in products, business processes, and technology solutions when necessary. o Assist with continually improving information security policies, procedures, standards and guidelines, and monitor their approval, dissemination, and maintenance. o Perform risk assessments and pre-implementation reviews to determine security, operational, and compliance risks and opportunities, and formulate clear recommendations for management's consideration. o Identify, understand, and document processes and procedures surrounding IT internal controls. o Participate in oversight of third-party relationship risk management with respect to IT controls. o Cross train on Compliance program(s) to ensure proper coverage/backups and also hinder duplication across programs. Audit Management o Maintain internal audit program for the assigned Compliance program(s). o Document and report on inconsistencies between control evidence and policies/procedures. o Assist teams to implement assessment or audit finding remediation plans, while minimizing the impact on the business. o Conduct follow-up reviews of any deficiencies noted during audits. Customer Touchpoints o Attend client audits to respond to queries related to assigned Compliance program(s). o Respond to/review customer RFI/RFP and security questionnaires. Qualifications • 2+ years of compliance experience in a Governance, Risk, Compliance function • 2+ years of experience in a technical role (IT or software development) preferred in Healthcare Industry • Basic knowledge of NIST and/or ISO standard framework • Resourceful in an ambiguous environment • Exceptional problem solving and communication skills • Top notch organizational and time management skills • Desire to continuously improve the business and one's own knowledge • Knowledge of current Governance, Risk and Compliance (GRC) technological tools and methodologies • Understanding of GRC tooling and platforms, experience with Atlassian products and/or SharePoint in the delivery of documentation • Knowledge of US and international regulations and laws related to IT-related compliance standards within the financial services industry is a plus Certara bases all employment-related decision on merit, taking into consideration qualifications, skills, achievement, and performance. We treat all applicants and employees without regard to personal characteristics such as race, color, ethnicity, religion, sex, sexual orientation, age, nationality, marital status, pregnancy, physical or mental condition, genetic information, military service, or other characteristic protected by law.
Created: 2024-11-05