Application Controls Specialist US

Basic Function

A Controls Specialist plays a vital role in safeguarding the organization's IT infrastructure by ensuring the effectiveness of security controls. 

Ensure efficiency and monitor the IT security controls (Data Validation, Authorization Controls, Data Encryption, Audit Logging and Monitoring etc.) of our applications (on prem and cloud based), operate efficiently and effectively, aligned with information risk and security policies and standards, adhere to compliance policies and standards, and to the organizations security risk profiles.

The role will play a big part in supporting our internal controls improvement journey, by working to manage the design, implementation, and monitoring of IT controls as part of our ongoing internal compliance program, building capabilities to support and protect business's strategy and operations. This role involves proactively monitoring and remediating control points and areas of risk, areas that require improvement, and exception issues.

This role involves collaborating closely with cross-functional teams to ensure secure and seamless customer experiences across our platforms.

Roles & Responsibilities

• Collaborate with internal and external auditors during IT audits, providing technical expertise and insights.
• Ensure IT security controls operate efficiently and effectively, aligned with information security policies, standards, and compliance requirements.
• Identify and address gaps in security control design to mitigate cyber risks.
• Support the adoption of comprehensive application security processes and procedures, ensuring adherence to security best practices.
• Collaborate with cross-functional teams (product, development, security) to ensure a secure and seamless customer experience across platforms.
• Prepare regular reports on security control effectiveness and recommend enhancements to strengthen IT governance.
• Communicate effectively with technical and non-technical audiences regarding security controls and findings.
• Review product architectures for IT control security design gaps and vulnerabilities and consult with product teams and cyber security to remediate or mitigate cyber risk. Identify IT application end to end security deficiencies and implement approved remedial actions.
• Support adoption of comprehensive application security processes, procedures, and guidelines.
• Undertake required tactical application security skills and awareness training as required.
•  Implement systems and integrations to driver greater automation and remove areas of human error.
• Collaborate with internal and external auditors during IT audits.
• Regularly assess the effectiveness of IT application controls using defined metrics and indicators.
• Prepare regular reports on outcomes and recommend enhancements to bolster IT governance.
• Proactively monitor IT security controls (data validation, authorization, encryption, audit logging, etc.) for key applications (on-premises and cloud-based) to identify weaknesses and potential vulnerabilities.
• Analyze security alerts and application security control deficiencies, recommending and implementing corrective actions.
• Regularly assess the effectiveness of IT security controls using defined metrics and indicators to identify areas for improvement.

Min. Qualifications

• Bachelor's degree in Information Technology, Computer Science, or a related field (preferred).
• Expert knowledge of IT security controls and best practices (data validation, authorization, encryption, audit logging, etc.).
• Experience with security tools and technologies used for control monitoring and analysis.
• Understanding of cloud security concepts and technologies (if applicable).
• SOX knowledge, in addition to experience of implementing/auditing against US SOx IT framework control.
• Expert knowledge and practical product and software security experience, including secure SDLC practices, defense-in-depth design architectures, and secure by default configurations
• Identity and Access Management knowledge:
• Application Security Principles and Best Practices: 
• Security Tools and Technologies: 
• Application cloud and on-prem logic and data layer architecture, inc SQL, Oracle and Azure.
• Relevant certifications such as COSO, ISO27001 are preferred.
• Proven experience in IT application control analysis, IT audit, or a similar role.
• Strong understanding of IT governance frameworks and regulatory compliance.
• 7 + years of IT security controls supporting software/infrastructure security and controls audits, governance and compliance, i.e. metrics, assessments, audits, risk frameworks, IAM, PAM, and maturity models
• 2 + years of experience with Cloud technologies.

Preferred Qualifications

• Languages English, additional language preferred

Competencies