Internal controls analyst

Career level

Middle (2-5 years)

Languages spoken

English

Job address(es)

Iași


Company description:

Conduent is the world’s largest provider of diversified business process services with leading capabilities in transaction processing, automation, analytics and constituent experience. We work with both government and commercial customers in assisting them to deliver quality services to the people they serve.

 We manage interactions with patients and the insured for a significant portion of the . healthcare industry. We are the customer interface for large segments of the technology industry and the operational and processing partner of choice for public transportation systems around the world.

 Whether it’s digital payments, claims processing, benefit administration, automated tolling, customer care or distributed learning – Conduent manages and modernizes these interactions to create value for both our clients and their constituents.

Learn more at .

Purpose:


•Responsible for planning and implementing risk management strategies, processes and programs.  Manages resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies. Development and execution of information risk controls and management strategies. Procures and governs information risk management services and consultants.
•The implementation of organization-wide processes and procedures for the management of operational risk.
•The development of, execution of, and consulting on information risk controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
•The resolution of incidents and problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.
•This role will specialize in a specific technology and/or risk management discipline. Examples of specialization areas can be any technology, technique, method, product or application area as they pertain to the disciplines of information security, privacy, disaster recovery, and regulatory compliance.

Scope:

Autonomy:
•Works under general supervision.
•Uses discretion in identifying and resolving complex problems and assignments.
•Specific instruction is usually given and work is reviewed at frequent milestones.
•Determines when problems should be escalated to a higher level.
Influence:
•Interacts with department/project team members.
•Frequent external contact with customers and suppliers.
•Decisions may impact work assigned to individual/phases of project.
Complexity:
•Specialized range of work, of relatively less complexity and standard, in a variety of environments.


General:
•Builds knowledge of the organization, processes and customers
•Requires knowledge and experience in own discipline; still acquiring higher level knowledge and skills
•Receives a moderate level of guidance and direction
•Moderate decision making authority guided by policies, procedures, and business operations protocol

Primary Responsibilities:
•Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Coordinates the development of countermeasures and contingency plans.
•Investigates suspected attacks and recommends remedial action or escalation.
•Monitors actions to investigate and resolve incidents and problems in systems and services.
•Assists with the implementation of agreed remedies and preventative measures.
•Conducts security risk assessments for defined business applications or IT installations in defined areas and provides advice and guidance on the application and operation of elementary physical, procedural and technical controls (. the key controls defined in BS7799).
•Maintains knowledge of specific technical specialisms, provides detailed advice regarding their application, executes specialized tasks. Implements and administers risk management technologies and process controls in a given specialism, and conducts compliance tracking. The specialism can be any area of information or communication technology, technique, method, product or application area.
•Specific Tasks:
•Business Risk Management
•Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting probability of occurrence and impact on the business.
•Refers to domain experts for guidance on specialized areas of risk, such as compliance, architecture, finance and environment.
•Co-ordinates response to quantified risks, which may involve acceptance, transfer, reduction or elimination. Assists with development of agreed countermeasures and contingency plans.
•Monitors status of risks, and reports status and need for action to senior management.
•Information Assurance
•Assesses security of information and infrastructure components. Investigates and assesses risks of network attacks, data loss, compromise of data integrity, or risk of business interruption, and recommends remedial action.
•Reviews compliance to information security policies and standards. Assesses configurations for adherence to legal and regulatory requirements.
•Reviews security alerts, network usage logs, and other sources of incident information, to identify unacceptable usage, and breaches of privileges or corporate policy. Recommends appropriate action.
•Communicates information assurance issues effectively to users and operators of systems and networks.
•Risk Management
•Initiates the implementation of agreed remedies, in close liaison with the help desk, configuration management and asset management functions.
•Applies and maintains specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.
•Determines when security issues should be escalated to a higher level.
•Provides information and advice, such as reporting on achievement of risk management metric targets.
•Analyzes incidents and problems to show trends and potential problem areas, so that actions can be taken to minimize the occurrence of incidents and to improve the process of problem reporting, analysis and clearance. Assesses and reports the probable causes of incidents and consequences of existing problems and known defects.
•Conducts security control reviews in well-defined areas.
•Develops and maintains knowledge of the technical specialism by, for example, reading relevant literature, attending conferences and seminars, meeting and maintaining contact with others involved in the technical specialism and through taking an active part in appropriate learned, professional and trade bodies.
•Maintains an awareness of current developments in the technical specialism.
•Identifies opportunities to apply the technical specialism within the employing organization and closely associated organizations, such as customers, suppliers and partners, and advises those responsible.
•Carries out specific assignments related to the technical specialism, either alone or as part of a team.
•Maintains knowledge of the technical specialism at a detailed level, and is responsible for own personal growth and technical proficiency.