Senior SOC Reporting Analyst

Responsibilities

Job Description

What will you contribute?

Working as part of the Global Risk Management team (reporting to the Lead for SOC Reporting), this role is vital to the timely and accurate preparation of SOC reports across Finastra. We undergo a large quantity of SOC assessments for various Finastra products on an annual basis, and this role will play an important role on the team working with our external auditors and our Finastra stakeholders throughout the SOC reporting process. A strong knowledge of SOC 1 and SOC 2, as well as strong Financial Technology knowledge, is a must in this position.

Responsibilities & Deliverables:

This position will be an important contributor to the efforts in the maturation, implementation, execution, and maintenance of the SOC Program and team. Activities to support these programs include:

• Working with SMEs to determine key controls and draft control wording for new/changed controls to be included and tested in SOC reports

• Review/validate Descriptions of Systems, and work with SMEs to ensure the Description accurately reflects their processes/controls

• Review/validate risk assessments and their resultant controls

• Working with our Service Auditors to understand what deliverables are required and their requisite timelines

• Partnering with key stakeholders, internal customers, and subject matter experts to ensure program milestones are successfully achieved

• Discuss evidence needs and requests with SMEs to clarify Service Auditor requests, to ensure appropriate documentation is provided to satisfy Service Auditor requests

• Facilitate Service Auditor virtual/onsite walkthroughs and other meetings

• Scheduling status update meetings with Service Auditor, SMEs and other resources

• Follow-up on and review deliverables to ensure that they are received timely and complete

• Track and manage to resolution deliverables and findings (including, as appropriate, adding to the Risk Register)

• Evaluate management responses to deviations and challenge/test them, as appropriate.

• Using Microsoft TEAMs or similar technology to establish tasks/deliverables for the SOC audits based on the controls and document requests of the Service Auditors

• Assist in the development, reporting and management of actionable reporting, KRIs and KPIs

• Managing and supervising SOC team members to ensure all phases of the SOC audits are met timely

• Tracking and managing projects and/or initiatives as assigned

Required Experience:

• Graduate in Information Technology, Computer Engineering, qualified Chartered Accountant or another relevant field

• At least three to five (3-5) years 'work experience in Risk or Audit with substantial work in the preparation of SOC reports (SSAE 18, ISAE 3402, CSAE 3416, or equivalent, SOC 2).

We are looking for someone who has worked with Service Auditors preparing reports or has prepared the reports versus someone who has just been the recipient of the SOC reports.

• Experience working in financial services and/or financial technology (FinTech) industry

• Demonstrated written and oral communication skills and the ability to present to various levels of audiences from peers to executives

• Ability to work both collaboratively and independently

• Must be extremely organized, detail oriented and have a strategic mindset

• Excellent analytical and problem-solving skills

• Ability to multi-task and adjust to shifting priorities

• Proficient in working with data using Microsoft Office Suite and other technologies

• Comfortable using virtual meeting technologies (i.e., TEAMs)

• Experience in communicating with overseas clients

Preferred Experience/Skills:

• Knowledge and experience with laws, regulations, guidelines, and frameworks and requirements such as FFIEC, NIST, ISO27001, GLBA, OCC Heightened Standards, etc.

• One or more relevant professional certification, such as Certified Public Accountant (CPA), Chartered Accountant, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).

• Strong knowledge of risks related to IT application development and infrastructure maintenance, User Access, IT security, business continuity and disaster recovery, and emerging technology platforms - mobile device platforms, cloud services, Big Data, and social media.

• Expertise with Audit Board, Microsoft Excel, PowerPoint, and Word

• Experience with BIG4 in similar profile would be an added advantage