everis is a multinational consulting firm providing business and strategy solutions, application development, maintenance, and outsourcing services. Established in 1996, everis has averaged 20% annual growth in revenues, and it became part of NTT Data in January, 2014.
Being part of the NTT Data group enables everis to offer a wider range of solutions and services through increased capacity, as well as technological, geographical, and financial resources.
everis USA is looking for high-achieving team players that are quickly adaptable to new challenges and entrepreneurial ventures. We are currently seeking a Risk and Compliance Analyst.
Paid Competitive Hourly Rate
- 1-3 years working with Operational Risk and Compliance
- Surity Audits
- SOX, NERC-CIP ,ISO27001, PCI-DSS, NIST
- Governance Risks and Compliance systems (SOX, NERC-CIP ,ISO27001, PCI-DSS, NIST)
- Cybersecurity fundamentals
- Following tools ( is a plus)
- RSA Archer GRC
- MS Sharepoint
- Spanish language is a plus (fluent level)
- Good reporting skills
- Processes oriented
- Good people skills
- customer oriented
Provide administrative support and services for all the following activities for Global Controls, SOX Audit, and NERC-CIP to assure all IT participants are maintaining needed evidence and performing loading of evidence on time.
- Employee and Contractor tracking - Tracking and reporting for NERC-CIP and Contractor Requirements for the IT Department to include communications with responsible IT Managers and Owners for upcoming due dates and assisting with scheduling of training for department resources:
o Contractor Background Check Status
o NERC-CIP Training
o NERC-CIP Employee Background Check Status
- Operational Evidence Collection – Facilitate and assist in Evidence Collection from responsible groups and Loading to associated document management systems including CATSWeb, Archer GRC, SharePoint Portals and protected shares as required for identified controls.
o NERC-CIP scheduled evidence collection and loading
o Facilitate patch review meetings
- Communication of tasks – Communicate to control and process owners for deliverables due to meet compliance requirements and escalation to management for task at risk of failure
- Creation of compliance reporting – prepare Leading Indicator and monthly reports drafts for Management presentation.
o Monthly NERC-CIP compliance reports
o Status Reporting of group mitigation activities
- New Control Evaluation – Review and analyze control design and operation evidence from Control owners for new systems and/or new regulatory and legal requirements as needed.
o Includes communication to control owners and escalation to management for deficiencies and gaps.
IT Certification and AGF Assurance
- Candidate will participate in the annual certification exercises as a partner with the IT Compliance group which includes coordinating with global and local teams of critical and financial systems.
- Evidence Collection Support - Evidence Collection guidance and assistance for responsible groups to assure loading of evidences to associated document management systems including SharePoint, Archer, and protected shares as required. Includes communication to control owners for deliverables due and escalation to management for delays and due date risks.
- Control Owner / Assessor Support – Provide support and guidance to Control Owners and Assessors in use of the tools and certification processes.
- Evidence Evaluation – Review and analyze provided evidence to control objectives and document observations and results. Communicate to team and owners of results. Includes communication to control owners and escalation to management for deficiencies and gaps.
- Deficiency Mitigation Support – Facilitate and track mitigation plans of Control Owners for ineffective controls identified in exercises.
Annual Audits and Assessments
- Candidate will participate in the annual audit exercises as a partner with the IT Compliance group which include internal and external reviews of the key critical and financial systems. This includes yearly Financial audits as well as periodic NERC and other audits and assessments.
- Evidence Request Monitoring – Monitor and maintain Data Request Lists(DRLs) from auditing entities for status and needed data/evidence to satisfy requests.
o Includes communication to control owners for deliverables due and escalation to management for outstanding requests.
- Evidence Collection Support - Evidence Collection from responsible groups and loading to associated document management systems including SharePoint Portals and protected shares as required and requested from the auditing teams. Includes review of collected evidence and communication to control owners for insufficient documents or data.
- Deficiency Mitigation Support – Facilitate and track mitigation plans of Control owners for negative audit findings reported by Iberdrola local and global internal or external auditors.
Empowerment and rewards are the cornerstone of our career development model. We are a young, fast-growing company, with a highly innovative and entrepreneurial spirit, because of this professional experience and growth will be unmatched. Our talent and positive attitude allows us to transform our goals into achievements, and projects into realities.
everis is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. everis is an Equal Opportunity Employer Male/Female/Disabled/Veteran and a VEVRAA Federal Contractor.