IT General Controls Expert – Software Development Lifecycle

IT General Controls Expert – Software Development Lifecycle

Description -

Description: -

HP is a proven leader in personal systems and printing, delivering innovations that empower people to

create, interact, and inspire like never before. We leverage our strong financial position to extend our

leadership in traditional markets and invest in exciting new technologies.

HP has an impressive portfolio and strong innovation pipeline across areas such as:

• Blended reality technology - our unique Sprout by HP will change the way people do things
• 3D printing
• Multi-function printing
• Ink in the office
• Tablets, phablets, notebooks
• Mobile workstations

We are looking for visionaries who are ready to make an impact on the way the world works. At HP, the

future is yours to create!

Applies developed subject matter knowledge to solve common and complex business issues within established guidelines and recommends appropriate alternatives. Works on problems of diverse complexity and scope. May act as a team or project leader providing direction to team activities and facilitates information validation and team decision making process. Exercises independent judgment within generally defined policies and practices to identify and select a solution. Ability to handle most unique situations. May seek advice to make decisions on complex business issues.

Responsibilities:

• Establishes and maintains relationships with several IT support/business teams. Uses deep business knowledge and business acumen to drive improvements in IT engagement for this initiative.
• Meet aggressive timelines, deliver quality product, and work well in a dynamic team environment. Demonstrate an understanding of standard IT processes and tools.
• Supporting team manager with various activities to help drive the various projects within the team to meet the goals.
• Engage with IT teams, Auditors & Legal as needed and help manage audit activities.
• Contribute as part of the second Line of Defense to the compliance of applicable laws & Regulations, Internal codes of practice/Standards and policy and procedures.
• Support management with delivery of action plans for AIR raised, Audit and SOX Controls testing.
• Ensuring that approved IT General controls are embedded in the current service lines and processes across HP.
• Analyze SOC reports (e.g., SOC 1, SOC 2, SOC 3) prepared by service organizations to assess the effectiveness of their controls related to financial reporting, security, availability, processing integrity, confidentiality, and privacy.
• Gain a deep understanding of the control objectives outlined in the SOC reports and the criteria against which the controls are evaluated. This involves interpreting the AICPA Trust Services Criteria for SOC 2 reports or the controls related to financial reporting for SOC 1 reports.
• Evaluate the design of controls documented in the SOC reports to assess whether they are suitably designed to achieve their intended objectives. This involves reviewing control descriptions, policies, and procedures outlined in the reports.
• Assess the operating effectiveness of controls by reviewing evidence provided in the SOC reports, such as test results, documentation, and management assertions. Determine whether controls are operating effectively over the specified period.
• Identify any deficiencies, gaps, or weaknesses in the controls documented in the SOC reports. This includes identifying areas where controls are not effectively designed or implemented, as well as instances of non-compliance with control objectives.
• Document findings from the analysis of SOC reports, including observations, conclusions, and recommendations for improvement. Clearly communicate findings to relevant stakeholders, including management, auditors, and clients.
• Collaborate with internal and external stakeholders, including auditors, clients, and service organizations, to address findings and resolve any issues identified during the analysis of SOC reports.
• Review all the project deliverables in accordance with SDLC framework.
• Stay updated on relevant regulations and standards applicable to the industry, Evaluate and recommend improvements to business practices, processes, and controls.
• Conduct risk assessments to identify potential compliance risks and vulnerabilities within the SDLC process.
• Develop mitigation strategies and controls to address identified risks and ensure that compliance risks are effectively managed throughout the development lifecycle.
• Provide support to internal and external auditors and auditees.

Education and Experience Required:

Bachelor’s degree in management information systems computer science or equivalent experience and a minimum of 5 years of related experience or a Master’s degree and a minimum of 3 years of experience.

Knowledge and Skills:

• Excellent verbal and written communication skills.
• Excellent project management and process development skills.
• Ability to collaborate, working closely with both functional and technical teams.
• Understanding of audit and assurance principles and practices. Familiarity with auditing standards, such as SSAE 18 (formerly SAS 70) for SOC 1 reports and AT-C 205 for SOC 2 reports.
• Strong knowledge of information security principles, concepts, and best practices.
• Proficiency in using software tools and technologies for analyzing SOC reports and assessing control effectiveness.
• Familiarity with data analysis tools, spreadsheet applications, and audit management software.
• Experience working with infrastructure environments (e.g., operating system, hardware, data center, security, network, voice, end user and server web related applications).
• PMP or SAFe Agile Scrum Master Certification preferred
• Strong knowledge on the Compliance processes and controls
• Authorship of the SDLC deliverables
• Understanding of the Change Management process

Disclaimer
• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

The base pay range for this role is $90,100 to $171,200 annually with additional opportunities for pay in the form of bonus and/or equity (applies to US candidates only).  Pay varies by work location, job-related knowledge, skills, and experience.

Benefits:

HP offers a comprehensive benefits package for this position, including:

• Health insurance
• Dental insurance
• Vision insurance
• Long term/short term disability insurance
• Employee assistance program
• Flexible spending account
• Life insurance
• Generous time off policies, including; 
  • 4-12 weeks fully paid parental leave based on tenure
  • 11 paid holidays
  • Additional flexible paid vacation and sick leave (US benefits overview)

The compensation and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.

Job -

Information Technology

Schedule -

Full time

Shift -

No shift premium (Mexico)

Travel -

Relocation -

No

Equal Opportunity Employer (EEO) - 

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

If you’d like more information about HP’s EEO Policy or your EEO rights as an applicant under the law, please click here: Equal Employment Opportunity is the Law Equal Employment Opportunity is the Law – Supplement