Cisco Systems Looking for Risk Manager – SOX IT Controls & Compliance at Bengaluru, Karnataka Full Time

The right candidate will be responsible for supervising and assessing the internal control environment for Information Technology (IT) Controls to ensure compliance with various regulatory requirements. This includes Sarbanes Oxley Compliance, SOC (System and Organization Controls for Service Organizations), Data Privacy and Protection and other compliance standards impacting IT.

You will assist Cisco in optimizing control activities, organizational strategy, and policies and procedures. You’ll conduct transaction testing, perform readiness assessments, and leverage various technical Information Technology controls (e.g., databases, operating systems, data warehouses, and reporting tools) to help assess Cisco’s IT control environment.

You’ll be part of a team responsible for crafting and updating process flows and control documentation, performing walkthroughs of controls, identifying and assessing the key controls that mitigate various compliance risks, perform testing of controls and document control deficiencies and communicate exceptions to Leadership. You should have a proven record of success with completing work you’re doing related to the following:

Identifying key risks and controls, knowledge of Sarbanes Oxley readiness, controls optimization, including the configuration of controls around security, business process and within IT environments.

Collaborating with various IT departments and control owners to understand, assess and address financial (i.e., SOx) and other relevant operational and compliance risks and exposures.

Evaluating Information Technology General Computer Controls (ITGCs) for in-scope systems that support the company’s internal controls over financial reporting for both design and operating efficiency. Key domains of ITGC assessment include: change management, access to programs and data, computer operations and systems development.

Evaluating ITGCs over ERP systems including Oracle, SAP, Oracle Database, Web Development Tools, Unix, Linux and other relevant security technologies;

Evaluating relevant SOC1 and SOC2 reports to assess the control objectives, control activities and entity user control considers as they relate to the control environment.

Detailing the company’s evaluation of IT control deficiencies to resolve severity of the deficiencies and impact to the company’s internal controls over financial reporting based on PCAOB Auditing Standard No. 2201.

Supervising remediation activities relevant to any IT control deficiencies and follow-up on remediation and retesting of the controls as necessary;

Communicating and aligning on the nature, timing and extent of IT control testing with external auditors and share relevant control testing with external auditors for their use in the execution of their external audit.

Identifying and recommending changes to improve efficiency as well as process for IT key controls and process flow.

Conducting an analysis of internal policies, guidelines, procedures and processes to evaluate the accuracy and adequacy of internal controls, operations, and reporting impacting regulatory compliance requirements as needed.

Providing direction and support to the IT Controls Owners for the design, collection, analysis and reporting of financial and operational risk data.

Updating and maintain the IT control database; coordinate and facilitate the execution of control testing, review test work papers for quality and act as SME for key IT processes.

Participating with other Risk Management teams to identify current and emerging risk exposures and develop appropriate risk mitigation strategies related to IT; and

Conducting training sessions as needed with various IT organizations and IT control owners to communicate ongoing compliance requirements.

Who You’ll Work With

You’ll be part of the IT Financial Compliance & Operations (FCO) team. This team partners with the Business, IT, Risk Management and Internal Audit organizations to implement the IT Scope under a company-wide program for IT control compliance. This covers existing controls compliance and Control Readiness activities for prospective changes driven by key corporate critical initiatives.

The IT FCO team is also an advisor to the IT organization that includes a broad scope of IT Compliance initiatives. You will operate as a Strategic Partner with key collaborators to include Project Teams, IT Process Leads, IT Control owner community and IT leadership, external auditors, Business Process Teams and respective multi-functional organizations.

Who You Are

You are an organized, driven and motivated individual with excellent organization skills with attention to detail. You are an effective communicator with good communication skills with the ability to work with multi-functional teams. You have a natural curiosity to learn about new regulatory compliance or understand groundbreaking programs and problems tackle these in partnership with SMEs in Cisco to implement the right set of controls that mitigate IT compliance risks.

Our minimum requirements for this role:
BA/BS degree with a strong academic record

CPA or Certified Information Systems Auditor (CISA) license preferred.

Big 4 Accounting Experience preferred.

Public accounting Experience required.

Project Management Experience

6+ years proven track record with an emphasis on evaluation of internal controls or operational risk in one or more of the following areas: IT Processes and General Controls, operational/enterprise risk management, audit, accounting, Sarbanes Oxley, Regulatory compliance or Resiliency & Business Continuity

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.

We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (36 years strong) and only about hardware, but we’re also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!

But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)

Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA.) We take accountability, bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward.

So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!

Message to applicants applying to work in the U.S.:
When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate’s hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.

U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings. Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday, plus a day off for their birthday. Employees accrue up to 20 days of Paid Time Off (PTO) each year and have access to paid time away to deal with critical or emergency issues without tapping into their PTO. We offer additional paid time to volunteer and give back to the community. Employees are also able to purchase company stock through our Employee Stock Purchase Program.

Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco pays at the standard rate of 1% of incentive target for each 1% revenue attainment against the quota up to 100%. Once performance exceeds 100% quota attainment, incentive rates may increase up to five times the standard rate with no cap on incentive compensation. For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.