Staff Technical Compliance Manager

The CG Segment is responsible for ensuring Intuit's customers can prepare and file their taxes securely and with confidence and know their data is managed with privacy in mind.

The Staff Technical Compliance Manager assists in ensuring our cross functtion Business Units such as Consumer Group, Platform Acceleration Group, Virtual Expert Platform, Customer Success and associated assets meet technical compliance requirements, including the ISO27001 standard, Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX) Information Technology General Controls (ITGC), the California Privacy Rights Act (CPRA), EU's General Data Protection Regulation (GDPR), IRS Section 7216, and Trusted Services Principles (SOC2). This role will work closely with Consumer Group (CG) segment teams and CyberCRAFT governance, risk and compliance teams to ensure Intuit offerings and uses of technology adhere to good security and privacy practices and meet regulatory and industry standard requirements. This includes working with internal and external auditors to oversee audit activities and monitor remediation of audit findings.

Responsibilities

The Staff Technical Compliance and Audit Specialist will:

• Assess the compliance posture of CG Segment assets relative to technical compliance requirements
• Assist teams in developing and implementing controls that satisfy relevant compliance frameworks
• Lead the annual NIST SP 800-53 review of security controls for the IRS and the Indiana Department of Revenue annual self-assessment (INDOR)
• Maintain process compliance and process evidence to fulfill audit requests
• Oversee execution of technical audits and audit-related activities, including PCI, SOX, SOC2 Type II and ISO27001
• Respond to requests for audit evidence
• Coordinate responses to security assessments (requests for information) from customers and business partners

Additionally the successful candidate for this position will:

• Develop strong relationships with the business to understand their goals, mission, business drivers and compliance posture
• Follow activities of external policy making bodies to understand the impact their decisions may have on Intuit's ability to maintain compliance as required
• Participate in discussions with Intuit workers and executives pertaining to design, implementation and operations of security, compliance and privacy practices
• Provide input on multi-year, cross-functional security, privacy and technical compliance strategy and roadmaps