
Full Time Job

Lead Analyst SDLC & GRC Compliance

Paramount

New York, NY 07-01-2022
 
  • Paid
  • Full Time
  • Senior (5-10 years) Experience
Job Description
Paramount Global (NASDAQ: PARA, PARAA) is a leading global media and entertainment company that creates premium content and experiences for audiences worldwide. Driven by iconic studios, networks and streaming services, Paramount's portfolio of consumer brands includes CBS, Showtime Networks, Paramount Pictures, Nickelodeon, MTV, Comedy Central, BET, Paramount+, Pluto TV and Simon & Schuster, among others. Paramount delivers the largest share of the US television audience and boasts one of the industry's most important and extensive libraries of TV and film titles. In addition to offering innovative streaming services and digital video products, the company provides powerful capabilities in production, distribution, and advertising solutions.
Overview and Responsibilities:

This position is responsible for planning and managing the SDLC GRC Compliance process to ensure that SOX controls are in place and tested throughout the Software Development Life Cycle for major system implementations/upgrades. This position will work under the supervision of the Director IT Compliance and will be responsible for identifying and managing improvements to the design and operating effectiveness of SOX controls in response to large-scale IT projects. Timely communication of the status of the pre-implementation review to senior leadership in Compliance, IT and business is a critical component of this position.
• Manage the preparation, planning and execution of SDLC-related IT control testing for pre- and post-system implementations.
• Partner with all levels of IT and business management in the design and implementation of SOX controls. Ensure that SOX system pre-implementation testing is conducted in a cooperative, timely and efficient manner, with valuable reporting and cost-effective recommendations being provided to management to strengthen controls.
• Collaborate with various groups (e.g., internal IT organization, application owners, business process owners) and understand the impact of the implementation on the existing IT controls basis.
• Responsible for maintaining auditor Document Request Lists (DRLs) or any audit request and ensuring all responses are on time with high accuracy and completeness.
• Create, direct and/or perform the preparation and execution of security-related IT control tests, including IT segregation of duties reviews.
• Routinely summarize and communicate to the affected project team, control owners and IT management the control weaknesses identified during testing, the status of the SDLC audit, and issue resolution/customer concerns.
• Document the audit procedures in workplans; prepare reports on findings and recommendations for policy, procedure and internal control improvements.
• Provide ongoing education of IT Control Operators/Owners/Reviewers, especially around control design and execution, as well as how to assemble complete and accurate evidence documentation.
• Identify, on an ongoing basis, relevant industry trends, potential evolving risks facing IT initiatives, and potential changes to IT internal controls over financial reporting, and assess their impact on the scope and strategy of the IT department.
• Manage the identification and evaluation of new third-party IT service providers.
• Perform customary administrative tasks and responsibilities. Provide testing assistance as part of the IT SOX testing program, when needed.
• Other assignments or special projects as requested by management.
• Work is governed by Sarbanes Oxley. Within the regulatory framework, issues arise that are substantially complex and varied, and that regularly require the selection and application of technical and detailed guidelines. Independent judgment is required to identify, select, and apply the most appropriate methods as well as interpret precedent.
• Operate very independently. Supervision received typically includes feedback, mentoring and advice.
• This role typically has one direct report.

Basic Qualifications:
• A BA or BS Degree or equivalent in Information Systems, Accounting, Finance, Business, or related field
• Professional Certification is preferred (CISA, CISSP, SSCP, CPA, or equivalent)
• At least 6+ years of technology and audit experience (general technology controls, application, and security) within a public accounting and/or internal audit function.
• In-depth understanding of System Development Lifecycle methodology (SDLC), application security, Application Controls, IT General Controls including interfaces and configurations on a variety of applications, operating systems, databases and networks
• Five or more years of experience with internal controls evaluation, COSO, COBIT, ITIL, ITGCC, and SOX 404 requirements including all phases of planning, evaluation, documentation, testing and remediation.
• Working knowledge of:
  • Oracle Database Administration, Security Administration and e-Business Suite (a plus) Auditing
  • SAP HANA Auditing
  • Windows Operating System and Active Directory Security including Users and Groups, Group Policy, Domain Structures, Security and Auditing
  • UNIX / Linux Operating System Security, including Users and Groups, System Configurations, File Permissions, Privileged Accounts, Password Controls, Security and Auditing

Additional Qualifications:
• Knowledge of segregation of duties principles and experience with SAP GRC and Oracle GRC tools.
• Solid Project Management skills
• Excellent written and verbal communication skills with the ability to communicate control analysis and recommendations with clarity and integrity
• Excellent consultative and communication skills, decisiveness, and the ability to work effectively with IT management, staff, vendors, and auditors
• Must be self-motivated, proactive, hardworking, and dependable, a team builder and a great teammate.
• Working knowledge of audit control management tools, such as AuditBoard, and the skills to use the core functionality within those tools.
• Exercise tact, discretion, good judgement and diplomacy when interacting and negotiating with internal and external parties.
• Neutralize sensitive topics and focus on the tasks and objectives at hand.
• Work autonomously, establish and commit to a plan to achieve goals independently, and function in a fast-paced, high-volume and multi-threaded work environment!

Paramount is an equal opportunity employer (EOE) including disability/vet.

Jobcode: Reference SBJ-g4zxpy-18-216-227-76-42 in your application.

Company Profile
Paramount

ViacomCBS delivers premium content to audiences across traditional and emerging platforms worldwide. Through television, streaming and digital content, studio production, publishing, live events, merchandise and more, we connect with billions of people.