Staff Technical Compliance Manager

Job Overview

The A2D, DevX, T4i, GTMT, and MSE Segment Security organization enables Intuit to leverage data, data analytics, artificial intelligence and platform technology to power prosperity around the world. It's a fast-paced, constantly evolving and exciting place to be! The Staff Technical Compliance and Audit Manager assists in ensuring A2D assets meet technical compliance requirements, including the ISO27001 standard, Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX) Information Technology General Controls (ITGC), the California Privacy Rights Act (CPRA), EU's General Data Protection Regulation (GDPR) and Trusted Services Principles (SOC2). This role will work closely with A2D segment teams and CyberCRAFT governance, risk and compliance teams to ensure Intuit offerings and uses of technology adhere to good security and privacy practices and meet regulatory and industry standard requirements. This includes working with internal and external auditors to oversee audit activities and monitor remediation of audit findings.

Responsibilities

The Staff Technical Compliance and Audit Specialist will:- Assess the compliance posture of A2D assets relative to technical compliance requirements - Assist teams in developing and implementing controls that satisfy relevant compliance frameworks- Support relevant compliance efforts led by other Intuit segments as they relate to A2D assets (e.g., the annual NIST SP 800-53 review of security controls for the IRS and the Indiana Department of Revenue annual self-assessment)- Maintain process compliance and process evidence to fulfill audit requests- Oversee execution of technical audits and audit-related activities, including PCI, SOX, SOC2 Type II and ISO27001- Respond to requests for audit evidence- Coordinate responses to security assessments (requests for information) from customers and business partners

Additionally the successful candidate for this position will:- Develop strong relationships with the business to understand their goals, mission, business drivers and compliance posture- Follow activities of external policy making bodies to understand the impact their decisions may have on Intuit's ability to maintain compliance as required- Participate in discussions with Intuit workers and executives pertaining to design, implementation and operations of security and privacy practices- Provide input on multi-year, cross-functional security, privacy and technical compliance strategy and roadmaps

Qualifications

Skills & Education required for the role Include:- Knowledge of common compliance and regulatory frameworks used in the technology and software industry- Demonstrated ability to organize and lead audit activities- Experience in evaluating risks associated with various technologies- Demonstrated ability to learn and share knowledge- Demonstrated ability to audit a software application for compliance to regulatory standards- The ability to communicate with individuals at any level in the organization as well as with customers, partners, auditors and governing agencies- Ability to document, review and analyze core business processes- Ability to think critically about security, privacy, compliance and risk practices and their effective application to real business situations- Willingness to work across boundaries to solve problems across multiple technologies and businessdomains- BA/BS in a field related to appropriate function or equivalent experience- Experience as an external auditor a plus- Preferred: one of more of the following certifications: CISA, CIPT, CGEIT, CRISC, CRMA, PCIP or PCI ISA