Address
Form of work
SalarySalary: $80,000-$100,000
A family of companies and experiences
As the leading foodservice and support services company, Compass Group USA is known for our great people, great service and our great results. If you’ve been hungry and away from home, chances are you’ve tasted Compass Group’s delicious food and experienced our outstanding service. Our 225,000 associates work in award-winning restaurants, corporate cafes, hospitals, schools, arenas, museums, and more in all 50 states. Our reach is constantly expanding to shape the industry and create new opportunities for innovation. Join the Compass family today!
great people. great services. great results.
Each and every individual plays a key role in the growth and legacy of our company. We know the next big idea can come from anyone. We encourage developing and attracting expertise that differentiates us as a company as we continue to raise the bar.
Job Summary
Perform detailed information technology assessments and audits across all areas of the business. The associate must act as an information security implementation consultant. This position is responsible for managing with an independent partner audit and testing of controls in both SOC1 & SOC2 audits, HIPAA security audits, internal PII audits, and conducting annual policy and procedure reviews. Essential Duties include the participation in the planning, execution and reporting of security audits and assessments with minimal supervision and the management of the remediation activity. Performing Interviews, examinations, and testing of security controls. Assist in preparation of assessment deliverables - Security Control Assessment Report, Security Risk Assessments. Reporting into the Senior Manager IT Audit, the associate will provide audit readiness consulting to clients, internal audit departments and interact with the senior management, financial auditors, and the senior technology leaders during audits on scoping, controls, identification, and execution of testing plans. Execute and report on information technology, privacy, and operational reviews to identify business, privacy, security, compliance, information technology and regulatory risks.
Additionally, this individual will be required to be trained in PCI (Payment Card Industry) compliance and become PCI-ISA certified. In this capacity they will perform work related to our PCI compliance, including firewall reviews, self-assessment questionnaires, attestation of compliance, and other related tasks.
Job Qualifications
Two or more years total experience including at least one year of audit and/or information security experience. Experience and preferred expertise with Windows, SAP, AD, AWS or other business technologies. Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA), other industry-recognized major certification, or preparing to get certification. Working knowledge of security compliance criteria, best practices, policy and procedure review, gap analysis, and risk assessments. AS, BA or BS degree in MIS, Computer Science, Finance or Accounting desired. Experience with Service Organization Control (SOC) audits and HIPAA. CPA, CFE, Security+ and CISSP desired. PCI-ISA certification is a plus but can also be obtained after joining the company.
Very strong attention to detail and excellent organizational skills are required. Strong communication and project management skills preferred.
Responsibilities
IT Audit Team
Job Responsibilities
Pre-Audits
i.External Audits of ERP systems
ii.SOC1 & SOC2
iii.Internal Audits (systems and/or business processes)
SOC1/SOC2 Audit Planning and Execution, coordination with internal control owners and external auditors.
External Audit Planning and Execution
Vendor IT Audits, in conjunction with Procurement department and TPRM Team
Document and maintain Audit projects in GRC platform/technology.
PCI Team
- Review firewall change requests within PCI environment.
- Complete PCI AOC (Attestation of Compliance) requests.
- Complete SAQ (Self-Assessment Questionnaires) requests.
- Organize and manage a large number of Merchant IDs (MIDs).
- Collaborate as needed with Treasury function.
Internal Audits
1.Pre-Implementation of Internal Audits following re-design to streamline efficiency
2.Deliver security audits that are
- Agreed with the owners of target environments, defined in scope, and documented
- Performed by experienced and qualified individuals who have sufficient technical skills (e.g., hold certifications for security audit and testing) and knowledge of information security
- Conducted frequently and thoroughly (in terms of scope and extent) to provide assurance that security controls have been deployed, operate as designed and meet security objectives (e.g., reduce levels of risk)
- Validated by competent individuals and carried out by independent external parties where the risk is deemed significant or required by regulatory requirements
3.Include important information and ratings from the results of security audits
- Control effectiveness (e.g., very low to very high)
- Conformance classification (e.g., fully/partially/non-compliant)
- Risks (e.g., red/amber/green (RAG) or insignificant to critical)
- Business, compliance, and technology implications (e.g., values entered in a business impact reference table such as very low to very high & recommendations, actions, and costs (e.g., priority, timescales, and responsibilities)
- Assign audit results requiring remediation to an appropriate owner, log & track results to completion.
4. Conducts Audits
- Healthcare Applications
- Critical Compass Applications
- Privileged Account Audits
- IT Systems Access
- Cloud AWS/Azure Environments, Standards, and Access
- Publicly Available IT Resources
Apply to Compass Group today!
Click here to Learn More about the Compass Story
Compass Group is an equal opportunity employer. At Compass, we are committed to treating all Applicants and Associates fairly based on their abilities, achievements, and experience without regard to race, national origin, sex, age, disability, veteran status, sexual orientation, gender identity, or any other classification protected by law.
Qualified candidates must be able to perform the essential functions of this position satisfactorily with or without a reasonable accommodation. Disclaimer: this job post is not necessarily an exhaustive list of all essential responsibilities, skills, tasks, or requirements associated with this position. While this is intended to be an accurate reflection of the position posted, the Company reserves the right to modify or change the essential functions of the job based on business necessity. We will consider for employment all qualified applicants, including those with a criminal history (including relevant driving history), in a manner consistent with all applicable federal, state, and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York Fair Chance Act. We encourage applicants with a criminal history (and driving history) to apply.
Compass Corporate maintains a drug-free workplace.
Applications are accepted on an ongoing basis.
Associates at Corporate are offered many fantastic benefits.
- Medical
- Dental
- Vision
- Life Insurance/ AD
- Disability Insurance
- Retirement Plan
- Paid Time Off
- Holiday Time Off (varies by site/state)
- Associate Shopping Program
- Health and Wellness Programs
- Discount Marketplace
- Identity Theft Protection
- Pet Insurance
- Commuter Benefits
- Employee Assistance Program
- Flexible Spending Accounts (FSAs)
Req ID: 1280005
Compass Corporate
Michelle Lombardozzi
[[req_classification]]
