30 days old

Senior IT Controls & Compliance Analyst

Company Confidential
Santa Ana, California 92707
  • Job Type
  • Job Status
    Full Time
  • Shift
    1st Shift

Join our team! As a global leader in providing title insurance, settlement services and risk solutions for real estate transactions, First American (NYSE: FAF) is an ideal place to build your career. We have been entrusted with helping our customers achieve and protect their dream of homeownership since 1889. We believe that our people are the key to the company’s continued success, and we invest in diverse talents and backgrounds and empower our teams to achieve more than they could anywhere else. First American has created an award-winning culture and has been named to the Fortune 100 Best Companies to Work For® list for the fourth consecutive year and to more than 50 regional Best Places to Work lists. For more information, please visit www.careers.firstam.com

Job Summary 

Responsible for assuring that packaged applications are compliant with First American’s Information Security policies and controls and are protected from unauthorized use, access, modification, perusal, inspection, recording or destruction. Responsible for establishing an App Dev security practice focused on packaged applications. Work closely with engineering teams of various enterprise packaged applications to champion secure SDLC practices. Partner with InfoSec to understand existing security landscape to determine ways to strengthen security posture for enterprise packaged applications.

Essential Functions

  • Lead the efforts to perform Secure SDLC (SSDLC) review and come up with recommendations for key components to be included to establish department wide security practice 
  • Lead the effort for identification and execution of tools and processes specific to large packaged applications that can be used to streamline and automate compliance and control activities
  • Translate Information Security policies into action for the engineering teams of pre-packaged applications
  • Perform IT Controls and Compliance (ITCC) self-assessments over IT controls and processes for all applications, analyze evidence, and provide audit results and recommendations to remediate findings and improve the control environment
  • Research remediation including vendor offered solutions, scope of remediation action, vendor engagement and pricing to support remediation
  • Champion secure coding best practices to shift left and incorporate early in the development lifecycle
  • Assess integrations for packaged applications and ensure that the architecture is secure, and data is secured in transit and at rest
  • Manage implementation of security changes for the department
  • Proactively detect security gaps and recommend appropriate solutions to fortify app security
  • Support department wide Information Security and IT compliance awareness, communication, and education programs
  • Develop and maintain an ongoing relationship with control owners and key stakeholders including Information Security, IT, business lines, Internal Audit, and external third parties
  • Maintain an understanding of Company and IT objectives and risks
  • Assist with other Information Security and ITCC initiatives as needed
  • Perform ongoing education and training (when needed) for department in Information Security related areas

Typical Education

  • Bachelor’s Degree or equivalent experience

Typical Range of Experience

  • Minimum 4 years relevant work experience in Information Security, IT Risk Management, IT Governance or IT Audit with a focus on packaged applications
  • Experience with handling audits and compliance related activities with ERPs and other packaged applications is a must
  • Effectively communicate IT compliance expectations to engineering teams and key stakeholders
  • Technical background with experience working with vendors required
  • Big 4 SSDLC, Audit and Security/Risk practice experience preferred
  • Gain support and consensus with multiple stakeholders and partners (internal and external)
  • Manage multiple initiatives simultaneously, with strong ability to prioritize
  • Customer focused in the context of balancing risk reduction with business needs
  • Strong analytical skills, excellent organizational skills are required
  • High attention to detail to manage, analyze and finalize artifacts and documents
  • Good oral and written communication skills; strong presentation skills
  • Highly flexible, adapting to changes in priorities and requirements
  • Development and maintenance of program-related documentation
  • Ability to quickly learn, communicate and apply technical concepts

License or Certification

  • Relevant, industry recognized security certification such as CISA, CISM

First American invests in its employees’ development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer. For more information about our Company and our dedication to putting People First, check out firstam.com/careers.


Posted: 2020-01-23 Expires: 2020-03-23

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Senior IT Controls & Compliance Analyst

Company Confidential
Santa Ana, California 92707

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast