Analyst, IT Internal Controls
St. Petersburg, Florida
At HSN you will enjoy a team-focused environment that thrives on innovation and encourages you to be part of a leading interactive entertainment and lifestyle retailer. Our dynamic IT teams bring people, process and technology together. They also work to ensure we create a stable operating environment and increase business productivity.
Check out the top traits we're looking for and see if you have the right mix.
- Technologically Savvy
We come together every day to challenge each other and bring the best ideas to life.
HSN is dedicated to empowering women and helping families in times of need. We are motivated and inspired by our passionate customers and team members. Together, we can make a difference.
Paid Time Off
At Qurate Retail, Inc. (NASDAQ: QRTEA) we believe in a Third Way to ShopSM – beyond transactional e-commerce or traditional brick-and-mortar stores – for customers who crave engaging shopping experiences.
We're a select group of like-minded businesses that provide customers with curated collections of unique products, made personal and relevant by the power of storytelling. We combine the best of retail, media and social to curate experiences, conversations, and communities for millions of highly discerning shoppers. We bring joy, inspiration, and humanity to shopping. We also curate large audiences, across our many platforms, for our thousands of brand vendors.
Job Description Details
The Analyst, Information Technology Internal Controls role is responsible for supporting IT in managing and assuring operational effectiveness of cybersecurity and compliance controls. The Analyst provides assistance related to Compliance (e.g., SOX, NIST CSF, etc.) and IT Security (e.g., ISO27001). New implementations as well as operational maintenance of existing business-critical applications will be examined. The role extends to any part of the business that has risk associated with information assets. The IT analyst reports directly to the Manager, IT internal controls.
Principal Accountabilities are:
- Assist technology team on control design and best practices
- Execute testing to validate cybersecurity and compliance policies are be followed
- Conduct assessments/audits to confirm operational effectiveness of IT general controls and identify risk
- Assist the Senior IT Analyst in providing risk metrics to management regarding audit performance and findings
- Assist control owners with root cause analysis and track risk management action plan progress
- Provide assistance in guiding efforts to create common control framework and uniform compliance reporting standard
- Performing examination of security controls to determine design and operational effectiveness.
- Gain an understanding of the risk assessments conducted by the business owners and support functions to incorporate relevant tests in assessment plans.
- Conducting IT controls management testing of controls independent of the audit schedule to save time during audits.
- Communicating with different levels of IT and business leaders on drivers of the information security risk assessment agenda.
- Preparing the communications schedule with all stakeholders — CISO, CIO, CFO, IA, etc.
- Assist in identifying and tracking assessment/audit performance metrics.
- Reviewing the IT audit risk assessments conducted by the QVC internal audit team members.
- Reviewing third-party attestation and audit reports, and providing feedback to business leaders and risk owners.
- Begin to collaborate and build relationships with the QVC internal audit team, their agents, and external auditors.
- Monitoring Information Security assessment best practices in the industry to determine opportunities for improvement, including tools and processes.
- Assisting business and support functions in evaluating tools and technology that support the enterprise's risk management approach.
- Bachelor’s Degree in Business, Accounting, Information Technology, Computer science or other quantitative discipline.
- 2-3 years of broad risk, compliance or IT controls experience
- 1+ years of audit/assessment experience with PCI, SOX, NIST CSF, HIPAA, ISO, or other cybersecurity frameworks
- Sound understanding of security principles including logical access controls, change control, least privilege, segregation of duties, computer operations, network security, vulnerability management, and secure coding.
- General technical understanding of data management platforms (e.g., IBM DB2, Oracle, Microsoft SQL Server, etc.) and associated data security controls.
- General technology acumen and the ability to assess data privacy gaps in products/services design
- Familiarity with common enterprise and web application technologies
- Familiarity with project management best practices and collaborating with PMO.
- Experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x, ITIL, CSC20, COBIT and National Institute of Standards and Technology (NIST) frameworks.
- Familiarity with data protection regulations and standards (e.g., PCI, Safe Harbor, EU Data Protection Directive, etc.).
- Analytical and time management skills
- Ability to maintain a high degree of confidentiality
- Certified Information Security Auditor (CISA)
- PMI Project Management Professional (PMP)
- Payment Card Industry (PCI) Internal Security Assessor (ISA)
- Certified Information Privacy Professional (CIPP) or Certified Information Privacy Manager (CIPM)
- Industry Standard Security certifications including: SANS/GIAC GSNA, ISACA CISM, ISC2 CISSP, and ISC2 CSSLP.
About HSN, Inc.
HSN, Inc., is a leading interactive entertainment and lifestyle retailer, offering a curated assortment of exclusive products and top brand names to its customers. HSN incorporates entertainment, inspiration, personalities and industry experts to provide an entirely unique shopping experience. At HSN, customers find exceptional selections in Health & Beauty, Jewelry, Home/Lifestyle, Fashion/Accessories, and Electronics. HSN broadcasts reach approximately 90 million households (with live programming 364 days per year) and its website — HSN.com features more than 50,000 product videos. Mobile applications include HSN apps for iPad, iPhone and Android. Visit corporate.hsn.com to learn more. HSN, Inc., founded 40 years ago as the first shopping network, is a wholly owned subsidiary of Qurate Retail, Inc. (NASDAQ: QRTEA, QRTEB), which includes QVC, HSN, zulily and the Cornerstone brands (collectively, “Qurate Retail Group”), as well as other minority investments. Qurate Retail Group believes in a third way to shop -- beyond transactional ecommerce or traditional brick-and-mortar stores -- and is #1 in video commerce, #3 in ecommerce in North America and #3 in mobile commerce in the U.S. (according to Internet Retailer).
As an equal opportunity employer, Qurate Retail Group is committed to a diverse workforce and is also committed to a barrier-free employment process. In order to ensure reasonable accommodations for individuals pursuant to applicable law, individuals that require accommodation in the job application process for a posted position may contact us at CareersUS@QVC.com for assistance.
Click Apply and log in with your existing account or create an account. This will allow you to check the status of your application at any time and receive the most up to date communications from our Talent Acquisition team.
About This Location
Find out what it's like to live and work in St. PetersburgGoogle Map This Location