The job profile for this position is IT Project Management Senior Advisor, which is a Band 4 Senior Contributor Career Track Role.

Excited to grow your career?

We value our talented employees, and whenever possible strive to help one of our associates grow professionally before recruiting new talent to our open positions. If you think the open position you see is right for you, we encourage you to apply!

Our people make all the difference in our success.

SOC 1 Compliance and Delivery Manager

**This is a senior, individual contributor role**

Job Description:

This is a global role focused on leading SOC1 compliance and delivery of general computing control testing support for System and Organization Controls (SOC1) Reports. The SOC1 Compliance and Delivery Manager will collaborate with organization-wide Technology teams to drive SOC control and risk mitigation practices for Evernorth, identify gaps in controls, and support audit activities. The successful candidate will have the knowledge and skillset to understand audit best practices and serve as a subject matter expert over technology controls and SOC1 execution.

Responsibilities:

• Partner with internal and external auditors to coordinate SOC1 audit timelines, engagement planning, technology controls testing, fieldwork, process walkthroughs, and reporting across multiple Evernorth reports
• Prepare, review, and deliver documentation and reports for internal and external stakeholders
• Coordinate with external auditors to ensure timely completion of SOC audits and report issuance
• Execute key functions of Internal Audit’s SOX/SOC oversight program for Evernorth
• Coordinate testing oversight, evidence gathering, deficiency analysis, and additional testing in support of external and internal audit teams
• Assist with reporting on and maintaining key measures of success for SOC Compliance efforts
• Collaborate with Financial Compliance team to assess scope and facilitate testing coverage
• Meet frequently with control owners to assess compliance with audit requests and stay appraised of changes in the environment
• Identify and communicate internal and external security/audit risks through analysis of control evidence
• Collaborate with technical teams to interpret control requirements and assess design and operating effectiveness of key controls
• Assess the effectiveness of IT general controls, including system development, security, change management, backup, batch/automated processing controls
• Review and provide feedback on scope changes to systems and infrastructure (including AWS, AI, and other technologies) and integrate them into SOX/SOC testing strategy
• Assist internal SOX testing team in execution of annual SOX/SOC test program
• Review and respond to internal and external data requests for regulatory audits
• Advise management on control implementation, remediation, and process changes, including follow-up on identified gaps
• Influence senior and line management on risks and control matters, and advise on remediation efforts
• Manage and review the work of staff performing control assessments, providing feedback and improvement opportunities
• Contribute to process improvements, including establishing continuous monitoring models and staying current on emerging technology trends

Qualifications:

• Bachelor’s degree in a related field with 7+ years of relevant experience
• Strong understanding of controls, risk, and audit methodology over information technology
• Certifications such as CISA, CIA, CISM, or CISSP preferred
• Expertise in executing or managing regulatory compliance audits such as SOC1, SOC2 and SOX
• Experience in auditing pharmacy benefit manager (PBM) and corporate functions preferred
• Excellent written and verbal communication skills
• Innovative enterprise mindset (self- starter, action oriented, results driven), self-starter, a proactive individual with drive to improving strong internal compliance processes

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

Please note that you must meet our posting guidelines to be eligible for consideration. Policy can be reviewed at this link.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.