Senior IT Compliance & Risk Audit Administrator

Job title: Senior IT Compliance & Risk Audit Administrator

Company: ZS Associates


Job description: Job Description:ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS.Our most valuable asset is our people.At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are andmake us unique. We believe your personal interests, identities, and desire to learn are part of your success here. about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.Senior Compliance & Audit AdministratorWe seek a Senior Compliance & Audit Administrator to join our Shanghai, China office. As a member of the ZS Governance, Risk & Compliance team. This individual will lead the planning, execution, and reporting on Information Security & Privacy compliance programs in China to support of various internal, external compliance requirements and initiatives as well as client directed compliance mandates.What You’ll Do:

• Lead implementation, sustenance and internal audit of regulatory compliance requirements like MLPS, PIPL, etc. as per China local laws
• Perform internal assessments and audits in accordance with the plan based on various control frameworks and standards
• Establish, monitor, document, and update compliance controls and findings
• Create remediation plans based on findings and initiate projects, as necessary, in order to meet commitments made within remediation plans
• Participate in client directed audit and compliance initiatives, including but not limited to, MLPS, SOC 2 Type 2 audits, PIPL control assessments, and Vendor Data Security and Privacy assessments;
• Develop and update policies, process maps, templates and supporting change management tools, as often as needed
• Assist in the development of training material in support of policy adoption & regulatory awareness enterprise wide (especially in China) ; participate in compliance training workshops, as needed
• Monitor compliance with existing policies and supporting tools
• Liaison with ZS Client Teams and the ZS SaaS Development & Hosting teams to ensure that all mutually agreed upon business operations SLAs are met
• Plan and participate in DR & Application Security planning and testing
• Assist with vendor review and selection in support of on-going internal and client directed compliance initiatives
• Assist the Legal team with the review of client contracts as it relates to technology specific compliance requirements
• Assist the Legal team with the interpretation of various China laws and technical compliance directives and determine potential impact to the organization
• Assist with the completion of client RFPs and RFIs as it relates to compliance
• Work with IT, consulting, SD Group and legal teams on compliance standards
• Security and compliance projects as assigned.

What You’ll Bring:

• Bachelor’s degree with record of high academic achievement (information / cybersecurity and/or Computer Science is preferred)
• Expertise in MLPS, PIPL, CBDT, laws / frameworks
• Atleast one of the below certifications –

• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CGEIT (Certified in the Governance of Enterprise IT) or CRISC (Certified in Risk and Information Systems Control)
• Lead Auditor ISO 27001:2013
• Lead Auditor ISO 27701:2019
• Eagerness to contribute in a team-oriented environment
• Ability to work methodically and analytically in a quantitative problem-solving environment
• Excellent leadership, communication, and organizational skills
• Strong customer service skills

Technical Qualifications:

• At least 6 years of information systems experience with audit planning, risk assessment, and reporting/documentation
• Hardware, software, and networking information technologies
• IT security, controls, practices, and procedures
• Working knowledge of various control frameworks including:

• MLPS, PIPL, CBDT, etc. – China specific information security & privacy frameworks
• ISO/IEC 27001:2013 – Information Security Management System
• ISO/IEC 27701:2019 – Personal Information Management System
• ITIL – Information Technology Infrastructure Library
• SOC 2 Type 2
• NIST – National Institute of Standards and Technology
• Disaster Recovery planning and testing
• Application Security planning and testing

ZS is a global consulting firm; fluency in English is required along with fluency (both in written and verbal) in Mandarin.Perks & Benefits:ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member.We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.Travel:Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.Considering applying?At ZS, we’re building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don’t meet 100% of the requirements listed above.ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.To Complete Your Application:Candidates must possess or be able to obtain work authorization for their intended country of employment.An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.NO AGENCY CALLS, PLEASE.Find Out More At:

Expected salary:

Location: Shanghai

Job date: Sun, 02 Mar 2025 03:31:20 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck