Staff Technical Compliance Manager

Job Overview

Come join the Intuit Information Security Organization at Intuit! We are looking for an innovative professional to join a world class team.

As a Staff Technical Compliance Manager with the Enterprise Security and Compliance team, you will be responsible for managing enterprise-wide IT compliance programs with specific focus on Sarbanes-Oxley Act (SOX) Section 302 and 404 requirements. You will play a critical role in ensuring that our IT systems and processes are in compliance with relevant regulations and industry best practices. This position requires an understanding of SOX IT requirements, experience applying recent changes prompted by PCAOB Inspection results, and have the inquisitive foresight to gain efficiencies through controls optimization and automation. Experience working with Accounting/Financial reporting leaders and Big 4 accounting firms is a plus.

Responsibilities

• Lead scope management by developing and leveraging a risk-based methodology when introducing new and existing services and their underlying infrastructure components within the scope of applicable audits.
• Lead and manage all aspects of SOX audits, such as scope expansion, management readiness, walkthroughs, evidence collection, and liaising with internal and external auditors.
• Drive adoption of emerging compliance framework requirements (e.g., COBIT, ISO 27001:2022) through thorough analysis and prescriptive guidance.
• Evangelize Intuit's unified controls database to applicable stakeholders (i.e., control owners, Compliance SMEs) to ensure there is a clear understanding of roles and responsibilities.
• Support the policies and standards lifecycle process to ensure they address all current and emerging cybersecurity regulatory requirements.
• Support the needs of our business units to ensure they're meeting their compliance commitments, and provide periodic updates on their compliance status to management.
• Work closely with the Product Development teams to define requirements within the automated compliance platform tooling, such as control definitions, attribution, evidence, framework mapping, etc.
• Support the controls lifecycle process through periodic assessments of Intuit's unified controls database.
• Identify control deficiencies through risk-based continuous monitoring assessments and security controls campaigns, and provide recommendations that can be reasonably adopted.
• Document and report noted security assessment findings and work with control owners on remediation requirements, strategy, and execution.
• Regularly monitor remediation activities for noted findings, and escalate on remediation plans that are at-risk of being overdue.
• Develop and maintain compliance monitoring dashboards to provide real-time and on-demand compliance status metrics that can be presented to leadership.
• Work closely with control owners (or Providers) to identify ways to effectively monitor compliance posture through automation.
• Establish partnerships with cross-functional teams such as Legal, HR, Security, and IT to ensure they understand their roles when supporting the compliance program.
• Be a strong advocate for Intuit's Information Security organization!

Qualifications

• 7+ years working experience in a security compliance, technology audit, and/or security risk management role.
• Demonstrated experience with IT/security internal control definition, design, development, implementation, and monitoring, and how they relate to financial reporting, data and transactional completeness and integrity.
• Functional knowledge of multiple security domains and information security industry standards and best practices.
• Experienced with implementing and/or auditing compliance programs in accordance with COBIT, COSO and security frameworks such as SOX, ISO 27001, SOC 2, PCI-DSS, NYDFS and/or NIST 800-53.
• Understanding of cybersecurity risks management practices, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting.
• Experienced with the implementation and/or use of control automation and compliance tools and maintaining effective internal control systems.
• Strong understanding of accounting principles, financial reporting processes and auditing procedures.
• Experienced with cloud infrastructure technologies and services (e.g., AWS, GCP, Azure) and various enterprise SaaS solutions.
• Ability to lead cross-functional teams and coordinate with various departments involved in the SOX program
• Good organizational skills, proactive and self-sufficient with a proven ability to work independently.
• Drive, determination, and the ability to overcome roadblocks and initial objections.
• Ability to effectively prioritize and execute tasks, while balancing multiple projects simultaneously.
• Proven experience in managing complex compliance programs/projects.
• Posses a meticulous approach to documentation, testing and reporting compliance activities
• Ability to work collaboratively with multiple stakeholders across different backgrounds and skill sets.
• Strong written, verbal communication, and presentation skills.
• BS/BA in a related field (e.g., Computer Science, MIS) or equivalent relevant experience.
• Security-related certifications such as CISA, CRISC, CISSP, and/or ISO Lead Auditor are highly desirable.