Program Manager, Governance, Risk, Compliance - Audit

Program Manager, Governance, Risk, Compliance - Audit (Government) - Remote or Hybrid, Cary NC

Nice to meet you! 

We're the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers. 

We're also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you're looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you'll find it here.

About the Job

Be responsible for bridging the gap between compliance and information security by supporting policy and standards development, risk assessments, audits, and overall security controls guidance. The position is on a team that focuses on Compliance. You must have technical knowledge and/or experience in information security and the ability to communicate information security risk, controls, and mitigation strategy to management at all levels of the business across the enterprise.

As a Program Manager, Governance, Risk, Compliance - Audit (Government) you will:

• Maintain an understanding and benchmark compliance requirements, standards, guidance, and interpretations and/or best practices, including NIST 800-53, HIPAA, FedRAMP, IRS 1075, ISO 27001.
• Facilitate and ensure continuous monitoring activities are operating effectively.
• Identify control gaps and deficiencies and report to management.
• Conduct scheduled and ad hoc reviews of applicable environments required to maintain compliance and certifications.
• Support external assessment activities related to achieving required certifications and customer contractual requirements.
• Assist in the development System Security Plans, Plan of Actions and Milestones, Continuous Monitoring Plans, Incident Response Plans, and other documentation in collaboration with other teams.
• Assist in the maintenance of SAS Cloud and security policy and process development and updates, while ensuring compliance with regulations and guidance.
• Effectively communicate to applicable staff SAS security requirements and procedures.
• Operate as a consultant, researching and recommending changes to enhance or streamline quality and information security policies and processes.
• Advise on compliance, audit and/or security requirements within regulated markets (heavily focused on government sector requirements).
• Participate in security investigations and compliance reviews, as required by contract or regulation.
• Review SAS Cloud security contract terms and ensure alignment to current policies and processes.
• Participate in negotiations of security or SAS Cloud operations-related practices.
• Coordinate responses to RFP and security questionnaires.
• Use of the GRC tool for managing compliance profile, such as managing continuous monitoring indicators, build reporting dashboards, tracking of issue remediation.
• Perform issue remediation tasks such as analysis, documentation, follow-up and retesting in response to audit findings.
• Understanding of best practices for information security and data privacy practices and processes.
• Understanding of regulatory standards: SOC 2, FISMA/NIST 800-53, FedRAMP, CJIS or IRS 1075.
• Knowledge and experience with best practices /standards: ITIL, COBIT, GAMP5, or ISO 27001
• Perform other duties, as assigned.
• Travel as business requirements dictate at management discretion.

 Required Qualifications

• Bachelor's degree in Business, IT, Computer Science, Project Management  or related  field
• 5+ years of functional experience in project management, management consulting, IT, audit/compliance or related field.
• Experience in a regulated (pharmaceutical, banking, insurance, government) industry (may be concurrent with the above functional experience).
• Understanding of regulatory standards (ex: FDA Part 11, PCI,  NIST 800-53, IRS 1075).
• Knowledge and experience with best practices/standards (ex: COBIT, GAMP5, ISO 27001). 
• United States Citizenship
• You're curious, passionate, authentic and accountable. These are our values and influence everything we do.

Preferred Qualifications

• Use and/or implementation of a GRC tool (ex: ServiceNow, Archer, Teammate, Thompson Reuters)
• Management consulting experience
• Experience with ServiceNow issue management ticketing system
• Auditor or security certification (ex: CISA, IIA, CISSP) and/or training
• SAS software implementation experience or IT hosting experience
• Strong time management skills (schedules, prioritization).
• Excellent communication, analysis, and process flow skills.
• Ability to be flexible, display tact and diplomacy, and maintain confidentiality and integrity.
• Must have the ability to work with little supervision, escalating issues, as appropriate.
• Understanding of best practices for information security and data privacy practices and processes. 

World-Class Benefits  

Highlights include...

• Comprehensive medical, prescription, dental and vision plans with a low annual deductible and copays.
• Onsite Health Care Center (HQ) that's free to employees and covered family members.
• Onsite pharmacy (HQ) where a 30-day supply of any generic drug costs $5 or less. Not local? They ship for free.
• An industry-leading 401k plan.
• Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
• Volunteer Time Off, parental leave and unlimited paid sick days.
• Generous childcare benefits for all full-time employees.

Diverse and Inclusive

At SAS, it's not about fitting into our culture - it's about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it's essential to who we are. To put it plainly: you are welcome here.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Know Your Rights. Also view the Pay Transparency notice.

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified "sas.com" email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.