Address
SalaryThe Principal Compliance Analyst position is a position that requires experience leading, defining, documenting, and managing System and Organization Controls (SOC) assessments, bringing exceptional business-related judgement in how the controls are stated and adhered to. The successful candidate shall have knowledge of compliance standards, as well as, experience managing audits and assessments, and technical knowledge sufficient to support Data Center and cloud hosted environments discussions. Analyzes and evaluates Compliance risks and policies and provides appropriate mitigation strategies. Partners with technical leads in analyzing findings and the development of remediation plans, procedures, and standards. Responds to client questions and provides reports as necessary.
Role Responsibilities:
Work with both internal and external resources to conduct SOC assessments and audits, address gaps, and ensure compliance with regulatory and industry requirements.
Act as ‘subject matter expert’ (SME) to other internal customers and departments in the Compliance area specific to SOC reporting.
Speak to the effectiveness of controls currently in place and advise on control objectives along with the key controls and compensating controls.
Identifies and conducts Compliance pre-assessments, identifies findings, mitigating controls, and presents assessment reports to management and key stakeholders.
Provides consultation, guidance, and input to the design, implementation, and operation of appropriate technical, physical, and administrative controls to ensure the protection and compliance of the company's sensitive information systems.
Ensure newly identified software designs or acquisition software are adhering to Compliance requirements.
Work with Security Operations, Engineering, Risk Mgt. to facilitate assessments and audits.
Provide pre and post assessment lessons learned, gathering information from the current assessments and provide on-going list of improvements.
Create and maintain high-quality documentation which summarizes and explains all relevant newly published requirements from the PCI Council and the AICPA.
Directly support Third Party Risk Management (TPRM) program operations that will include ongoing collection of audit reports and certifications, tracking third party risk assessments, maintaining vendor risk profiles, and helping identify process improvement capabilities to further mature and fortify strategies.
Track and ensure TPRM program continues to adhere to regulatory standards and best practice including PCI DSS, GDPR, HIPAA, TX-RAMP, and the NIST 800-53 Cybersecurity Framework (CSF).
Assist enterprise risk governance operations that serve to ensure regulatory, legal, and contractual obligations to internal and external stakeholders are in place and operating effectively.
Desired qualifications and experience:
5+ years progressively responsible experience in Compliance.
A combination of experience, education, and training which substantially demonstrates the following knowledge, skills, and abilities:
High-level knowledge of SOC standards and controls, and a Mid-level knowledge of PCI-DSS.
Experience with GRC (governance, risk, and compliance) system management where the Compliance Analyst should possess knowledge of the following concepts, skills and technologies:
Applications, network architecture, multiple platforms and new technologies from a security perspective to include, but not limited to, Firewalls; Intrusion Detection/Protection Systems; Operating Systems (UNIX, Windows); Networking (switches, routers, protocols, etc.); Network Services and Security Vulnerabilities; Network Architecture; Serverless platforms; Remote Access; Multi-factor Authentication; Platform Security (Application, Database, OS); Antivirus; Cryptography; Active Directory; and high-level programming languages.
Stay up to date on everything Blackbaud, follow us on Linkedin, Twitter, Instagram, Facebook and YouTube
Blackbaud is a remote-first company which embraces a flexible remote work culture. Blackbaud supports hiring and career development for all roles from the location you are in today!
Blackbaud is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.
To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.
A notice to candidates: Recruitment Fraudulent Alert:Your personal information and online safety as a candidate mean a lot to us! At Blackbaud and our portfolio of companies, recruiters only direct candidates to apply through our official careers page athttps://careers.blackbaud.com/us/enor our official LinkedIn page. Recruiters will never request payments, ask for financial account information or sensitive information like social security numbers, or conduct interviews via Skype. Anyone suggesting otherwise is not a representative of Blackbaud. If you are unsure if a message is from Blackbaud, please emailblackbaudrecruiting@blackbaud.com.
The starting base pay is $77,700.00 to $104,500.00. Blackbaud may pay more or less based on employee qualifications, market value, Company finances, and other operational considerations.Benefits Include:
Medical, dental, and vision insurance
Remote-first workforce
401(k) program with employer match
Flexible paid time off
Generous Parental Leave
Volunteer for vacation
Opportunities to connect to build community and belonging
Pet insurance, legal and identity protection
Tuition reimbursement program
