Compliance & Audit Associate

Zs Associates

Chicago (IL)

On-site

USD 85,000 - 95,000

Full time

13 days ago

Job summary

An innovative consulting firm seeks a Compliance and Audit Associate to join their dynamic IT GRC Compliance and Audit team. This role focuses on ensuring adherence to security policies and conducting audits to enhance operational quality. With a strong emphasis on collaboration, you will work with diverse teams to address compliance gaps and implement corrective measures. This position offers a unique opportunity to contribute to impactful solutions while fostering a culture of continuous improvement. If you are passionate about IT compliance and eager to make a difference, this role is perfect for you.

Benefits

Health and Well-being Benefits
Financial Planning
Annual Leave
Professional Development Programs
Flexible Work Options

Qualifications

  • 1+ year of experience performing IT audits and documenting findings.
  • Experience with compliance frameworks like ISO, SOC 2, and NIST.
  • Strong communication skills for reporting and training.

Responsibilities

  • Conduct scheduled audits based on control frameworks.
  • Monitor adherence to IT policies and security controls.
  • Investigate compliance incidents and document findings.

Skills

IT Audits
Risk Management
Compliance Monitoring
Incident Response
Communication Skills

Education

BS/BA in Management Information Systems
Computer Science or Related Field

Tools

MS Office Suite
Windows Active Directory
Linux
Microsoft SQL
Oracle

Job description

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS.
Our most valuable asset is our people.
At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems-the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.
ZS's Corporate Enterprise Functions operate the firm's core internal functions. Our global teams comprise team-oriented, pragmatic and results-driven people who thrive in a challenging work environment. Our people come from diverse backgrounds but share a passion for quality customer service and dedication-whether our customer is a client or another ZS employee.
Information Technology provides products and services to ZS to ensure successful business outcomes. IT provides internal information technology solutions and support for ZS, including custom enterprise Web and ERP applications, IT infrastructure and technology support.
COMPLIANCE AND AUDIT ASSOCIATE
We are currently seeking applicants for the position of Compliance and Audit Associate to join our US IT GRC Compliance and Audit team. The position will support various, management directed, IT & Infosec internal audit and compliance initiatives which include ongoing monitoring of the quality of operations of our Software as a Service (SaaS) products and solutions and business line offerings with ZS mandated standards, policies and procedures. Qualified candidates will possess the skills detailed below and relevant work experience. Please note, this position is not client facing and does not require travel to client sites, unless specifically directed by management. This position may require travel to other ZS offices to assist with audits, as directed.
What you'll do:
Audit Execution & Risk Management

  • Conduct scheduled audits based on control frameworks (ISO, SOC 2, NIST, HITRUST, HIPAA etc.).
  • Perform IT risk assessments, including third-party cloud vendor security and privacy evaluations.
  • Review system configurations, logs, and access controls to ensure compliance with security policies.
  • Document audit findings, maintain records, and track remediation efforts.
  • Collaborate with teams to address compliance gaps and execute corrective measures.


Compliance Monitoring & Documentation

  • Monitor adherence to IT & Infosec policies, security controls, and operational standards.
  • Update and maintain compliance records, documenting control assessments and findings.
  • Track policy violations and compliance breaches, escalating as necessary.
  • Coordinate remediation actions, ensuring timely resolution of identified issues.


Security & Incident Response

  • Investigate compliance incidents, report findings, and document mitigation steps.
  • Ensure timely responses to security audit requests from internal teams and external stakeholders.
  • Coordinate with IT teams to resolve security vulnerabilities identified during audits.


Policy Development & Training

  • Draft and update IT & Infosec policies, including change management, access control, and incident response.
  • Train employees on compliance requirements and security best practices.
  • Develop training materials and conduct awareness sessions for impacted teams as required.


Vendor & Client Compliance Support

  • Conduct security reviews for third-party vendors and assess their compliance.
  • Respond to client RFPs, RFIs, and audits, providing necessary documentation.
  • Collaborate with Legal, HR, and Finance teams to ensure contract compliance.


Disaster Recovery & Business Continuity

  • Participate in DR planning and testing, verifying system resilience.
  • Assess backup and recovery procedures, ensuring compliance with industry standards.
  • Liaise with stakeholders to strengthen incident response strategies.


Project Management & Continuous Improvement

  • Lead compliance initiatives, tracking project milestones and deliverables.
  • Identify process improvements and propose solutions for efficiency gains.
  • Stay updated on IT and Cybersecurity regulations, industry best practices, and security trends.


What you'll bring:

  • BS/BA in Management Information Systems (MIS), computer science or related field with record of high academic achievement required;
  • At least 1 year of experience performing IT audits, end to end, including the documentation of audit plans, audit test scripts, audit narratives, test results, findings and remediation recommendation listings;
  • At least 2 years of experience participating in IT audit engagement lifecycles (e.g. US SOX, US SOC1 & SOC2 audits) with some senior personnel oversight. Lifecycle includes the planning, execution, communication, and reporting phases of an audit engagement;
  • Experience maintaining risk and control registers, audit plans, findings and remediation recommendation registers.
  • Experience documenting IT & Infosec policies and procedures (e.g. IT change management, logical and physical access, data backups and restoration processes);
  • Excellent communication and organizational skills - preferably with international exposure;
  • Excellent command over the English language, verbal and written; experience writing IT & Infosec audit narratives and reports required;
  • Ability and willingness to work hours which overlap with International time zones (e.g. India Time zone);
  • Ability and willingness to travel to other ZS offices, as needed, to assist with compliance and audit engagements.


Technical expectations include:

  • Basic working knowledge of web-based applications, operating systems and databases including Windows Active Directory, Linux, Microsoft SQL and Oracle;
  • Proficient in MS Office productivity suite (e.g. Word, Excel, PowerPoint, Access, SharePoint);
  • Basic working knowledge of various control frameworks including:
    • COBIT - Control Objectives for Information and Related Technology
    • ISO/IEC 27001:2022 - Code of Practice for Information Security Management
    • NIST SP 800-53
    • NIST CSF 2.0
    • HIPAA
    • HITRUST
    • Shared Assessments Standard Information Gathering (SIG) framework
  • Basic working knowledge of various laws directly or indirectly impacting data security and privacy requirements worldwide including:
    • US SOX - Sarbanes Oxley Act
    • US HIPAA/HITECH Act
    • EU GDPR - General Data Protection Regulation
    • US EU Privacy Shield
    • India IT Act (data privacy provisions)


Perks & Benefits:
ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options, internal mobility paths and collaborative culture empower you to thrive as an individual and global team member.
We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.
Travel:
Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.
Considering applying?
At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above.
ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.
To Complete Your Application:
Candidates must possess or be able to obtain work authorization for their intended country of employment. An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.
NO AGENCY CALLS, PLEASE.
Find Out More At:
www.zs.com
#LI-SR4
Salary: $85,000.00 - $94,675.00
