• Compliance Programs Manager (Government Auditing/Assurance)

    Job Locations US-NC-Cary
    Requisition ID
    Visa Sponsorship
    Travel Requirements
  • Overview

    Germany SAS



    As an Audit & Compliance Programs Manager you will help ensure that staff working on SAS Solutions OnDemand projects operate within the policies and procedures set forth by SAS Solutions OnDemand as well as applicable company, state, federal, and international laws.  A secondary focus is to operate in a consulting role, auditing and facilitating remediation of continuous improvement efforts across the business.


    Your responsibilities may include:

    • Plan and lead internal inspections, audits and benchmarking of security policies against regulations and standards (e.g., ISO 27001, HIPAA, IRS 1075, NIST 800-53, FedRAMP).
    • Advise and assist with annual IT security risk assessment activities and required remediation based on chosen standard(s) across applicable SAS teams and divisions.
    • Conduct risk assessments to determine risks to be included in the annual audit plan.
    • Advise on compliance, audit and/or security requirements within the government market.
    • Assist with maintaining a library of up-to-date standard audit programs and checklists.
    • Prepare or customize audit procedures to align with ISACA and other professional organization audit standards.
    • Participate in security investigations and compliance reviews, as required by customer requirements or internal or external audits.
    • Operate as a consultant, researching and recommending changes to enhance or streamline quality and information security procedures, including internal and external auditing.
    • Review hosting, security, and audit contract terms and ensure compliance with current policies and processes.
    • Help maintain the Quality Management System, including hosting IT and security policy and process development and updates, while ensuring compliance with regulations and guidance.
    • Interface with customer auditors to discuss security or IT hosting operations-related concerns during pre- and post-sales activities.
    • Effectively communicate, facilitate, present, and train both technical and non-technical small and large audiences, regarding hosting and security requirements and procedures.
    • Coordinate responses to RFP and security questionnaires.
    • Must have the ability to work with little supervision, escalating issues, as appropriate.
    • Perform other duties, as assigned.




    • Bachelor's degree in Business, IT, Computer Science or related field
    • 3-5 years of functional experience in project management, management consulting, IT, audit/compliance or related field.
    • 2-4 years of experience in a regulated (pharmaceutical, banking, insurance, government) industry (may be concurrent with the above functional experience)
    • Understanding of best practices for information security and data privacy
    • Understanding of regulatory standards: FDA Part 11, PCI, FISMA/NIST 800-53, or IRS 1075
    • Knowledge and experience with best practices/standards: ITIL, COBIT, GAMP5, or ISO 27001
    • Knowledge of IT or quality auditor procedures and tools (not financial/accounting)

    Additional / Preferences

    • Use and/or implementation of a GRC tool (e.g., ServiceNow, Archer, Teammate, Thomson Reuters)
    • Management consulting experience
    • Experience with ServiceNow issue management ticketing system
    • Auditor or security certification, such as CISA, IIA or CISSP, or equivalent professional certification and/or training
    • SAS software implementation experience or prior implementation experience
    • IT hosting experience
    • Travel as business requirements dictate at management discretion 


    SAS looks not only for the right skills, but also for a cultural fit. We seek colleagues who will contribute to the unique culture that makes SAS such a great place to work. We look for the total candidate: technical skills, culture fit, relationship skills, problem solvers, good communicators and, of course, innovators. Candidates must be ready to make an impact.


    Additional Information:

    To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

