IT controls –
- Facilitate annual (or more frequent) reviews of IT controls, narratives and associated process flows.
- Perform maintenance of controls in the Controls Repository tool.
- Maintain IT users/assignments within the Controls Repository tool.
- Identify and recommend improvements to IT controls, related processes and self-assessments.
- Review IT projects to identify where new controls are needed, where existing controls must be modified, or where existing controls already apply.
Quarterly self-assessments by management –
- Coordinate quarterly assessments with the IT business process owners.
- Provide summaries and consultation to Directors/VPs before they sign the quarterly letters.
IT Control Owner Walkthroughs –
- Assist control owners with maintaining documentation for walkthroughs of controls.
- Work with Internal Audit on scheduling and conducting control walkthroughs as part of audits.
Coordination of controls/compliance execution –
- Initiate performance of controls at defined times during the year.
- Monitor that controls are executed and appropriately documented by the IT control owner at prescribed intervals.
- Track areas requiring remediation and work with control owners on remediation plans.
- Create and maintain compliance-related IT corporate policies.
- Create and maintain documentation, including process flowcharts, for IT control and compliance-related processes.
- Lead IT Risk Assessment Reviews.
Liaison with Financial Compliance, Internal Audit and External Audit for IT –
- Act as the IT representative in the annual review of, and provide feedback on, the list of financially significant systems, their associated business process owners, and the vendors involved in developing and hosting those systems.
- Interface with internal and external audit for IT compliance related matters.
- Work with Financial Compliance and Internal Audit on enhancements to IT compliance, the SOX audit and other controls-related areas, providing continuous improvement and value to the business.
- Manage the annual PCI DSS assessment engagement with the external vendor, acting as the single point of contact between the QSA and all internal stakeholders and control owners, and ensure timely delivery of required documentation so that annual compliance is achieved.
- Facilitate the annual penetration test of selected stores' network systems, ensuring critical findings are addressed promptly and managing remediation of identified issues.
- Work with control owners to address any potential issues or findings identified by the QSA during the assessment, either through immediate remediation or by formalizing an action plan.
- Work with all credit card processors to ensure their acceptance of the QSA reports and/or Attestation of Compliance, thereby ensuring SEI's full compliance with each processor's specific requirements.
- Maintain a document repository of all artifacts and correspondence related to PCI DSS compliance for each year.
- Provide regular reports on PCI program status to IT management and other stakeholders.