We are seeking an IT Risk Management & Compliance Analyst to help maintain a continuous state of compliance across multiple frameworks and to regularly monitor our compliance program’s effectiveness.
The day-to-day:
- Communicating with partners across several product lines on compliance activities
- Leading the IT SOX activities as the second line of defense, providing advisory services for Company systems
- Following up on compliance evidence requests for the audit regimes in scope
- Assisting with audit support for both internal and external audit requests
- Working with auditors to establish the risk context of findings
- Performing formal and informal risk assessments
- Administering a GRC tool
What we're looking for:
- 2+ years of experience in the risk and compliance field, focused on ensuring that the company follows federal, state, and industry regulations and standards
- 2+ years of experience working with Sarbanes-Oxley ITGCs, including auditing and/or implementation of controls
- Additional in-depth understanding of one or more IT compliance frameworks, including:
- ISO/IEC 27001:2013 (ISO 27001)
- NIST SP 800-171, SP 800-53, SP 800-122
- CMMC
- PCI DSS 3.2
- Privacy / PII
- Ability to prepare disparate development teams for the rigors of IT framework controls
- Deep understanding of the laws and regulations related to enterprise security and risk
- Excellent administrative and organizational skills with attention to detail and a high degree of accuracy, together with the ability to manage several simultaneous projects under deadline pressure
- Exceptional interpersonal and communication skills, both oral and written; must be able to ask clear, concise questions about complex technology to get the requisite answers from business partners and colleagues
- Experience with a GRC tool to optimize risk, compliance, and audit functions; AuditBoard configuration experience preferred
- Knowledge of security and compliance control implementation in both cloud and on-premises technologies
- Ability to travel up to 10%
- BA or BS in a related field preferred
- Security and audit industry certifications such as CISA, CIA, CISM, CISSP, GIAC (SANS), CPA, etc.
- Previous experience as, or interacting with, a third-party audit team assessing PCI DSS, ISO 27001, NIST SP 800-171 (the control basis for CMMC), and/or IT SOX
- Project management experience
- Experience with negotiation and problem/conflict resolution
- Solid knowledge of information technology (applications, back-office integrations, operations, and key business processes) is required