Compliance Analyst-Vendor Assurance in Waltham, MA at APEX Systems

Date Posted: 2/8/2019

Job Description

Job #:  911284

Apex Systems, together with its parent company On Assignment, is the 2nd largest IT staffing agency in the country.

Apex has an opportunity for an IS Compliance Analyst/Auditor in the Waltham, MA area. This is a Perm/Full Time position and the pay rate is flexible depending on experience. Here are the details:

Applicants who are interested in this IS Compliance Analyst/Auditor opportunity should send a Word resume to Claudio Baccari, Senior Professional Recruiter-Application Delivery Lead (ADL), at

Position: IS Compliance Analyst/Auditor

Apex Job ID: 911284

Location: Waltham, MA

Salary Range:  $100-110K plus full benefits package

Duration:  Full Time/Perm

Position Description:

Our client is a large utilities company located in Waltham, MA that is looking for an IS Compliance Analyst/Auditor to fill a Full Time/Perm position on their team.

The role is responsible for supporting the Vendor Assurance Program: evaluating vendor risks in relation to the services provided, assisting Procurement teams in determining related risk, and ensuring contract terms and conditions align with Compliance and Risk Management needs. It is also responsible for vendor evaluations, identifying control deficiencies to ensure compliance with regulations and internal controls; recommending improvements to the internal control structure; conducting independent assessments of third parties; and conducting assessments against utility regulations, including NERC, PCI, MA 201, HIPAA, SOX, FERC and other international, federal and state regulations.

Vendor Assurance Senior Analyst Job Duties:

  • Support Vendor Assurance Program, integrating Risk and Compliance management into Procurement processes.
  • Manage complex environment of vendors providing services.
  • Work with third party service providers to evaluate control design and operating effectiveness.
  • Develop, plan and execute compliance assessment based on documented process.
  • Develop and execute clearly written test plans based on control objectives in a repeatable manner.
  • Ensure compliance with established internal control procedures by examining records, reports, operating practices, and documentation.
  • Develop plan to assess vendors throughout the year balancing workload and assessments.
  • Verify the design and effectiveness of controls to secure information system assets, including people, processes and technologies.
  • Complete work papers by documenting compliance assessments and findings clearly articulating test methodology and steps taken.
  • Prepare reports by collecting, analyzing, and summarizing information.
  • Prepare regular status reports for internal management.
  • Communicate findings by preparing a final report; discussing findings with auditees and documenting results.
  • Communicate findings with IS Risk to coordinate findings, develop action plans based on risks and confirm that appropriate steps are taken to close out findings.
  • Ensure controls support Compliance with International, Federal, State, and Local requirements; enforcing adherence and advising management on needed actions.
  • Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.
  • Contribute to team effort by accomplishing defined objectives and implementing agreed upon process improvements.
  • Work with internal stakeholders, including Regulatory, Legal and IS to build and maintain relationships and deliver value.
  • Other duties as required.

Job Requirements

Bachelor’s Degree in Information Security or a related field

3-5+ years of professional IS Auditing experience

Understanding of assessing third party service providers and associated risks

Understanding of SSAE 18, ISAE 3402, SOC 1, SOC 2 and AUP reports and principles

Understanding of SAP systems and controls

Strong presentation skills

Knowledge of control frameworks (COSO, COBIT, ISO, UCF, NIST)

Desired Skills (not required but candidate will have exposure to these skills in this role):

CISA – Desired

CRISC – Desired

CISM – Desired

Archer GRC (Preferred)

Understanding of utility regulations (Gas and Electric)

Understanding of third party risk management

Understanding of international regulations a plus

Understanding of key control Indicators a plus

Ability to demonstrate management of internal and external audit organizations

Additional Requirements:

Must be able to pass a background check and drug test

Candidate must be willing to travel up to 30-40% of the time (travel will not be consistent), including international travel (all paid for by our client)

Apex Systems Inc. is an equal opportunity employer and encourages female and minority applicants to apply.

EEO Employer

Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.