Job Openings IT Compliance Officer

About the job IT Compliance Officer

The Compliance Analyst Team is part of a cross-functional team tasked with ensuring that the company's IT technology and IT operations are in alignment with the applicable regulations, standards, and contractual obligations. As part of this team, the IT Compliance Officer performs internal audits and assessments of IT assets, policies, and processes to validate that they comply with all applicable standards and/or obligations. This role also manages external assessments that are conducted by customers, their partners, and third parties, to demonstrate the company's alignment with customer security standards and controls.

Responsibilities:

  • Audit/assess IT controls to ensure compliance with regulatory, contractual, and internal standards and/or obligations
  • Manage compliance assessments across a broad range of programs, including PCI, ISO 27001, HITRUST, and other assurance programs as needed
  • Conduct supplier due diligence reviews
  • Support IT and business stakeholders to create clear, actionable plans detailing specific deliverables, timelines, and accountability to resolve information security issues
  • Track and report outstanding security-related issues
  • Facilitate the annual review of compliance policies, processes, and procedures
  • Complete daily, weekly, and monthly compliance reports and other scheduled reports as assigned
  • Complete quarterly and semi-annual access recertification
  • Review and approve production change requests
  • Participate in incident response drills and live events to ensure the team follows the defined incident response strategy, policies, and procedures
  • Lead the implementation, communication, and training of awareness and compliance programs
  • Remain up to date on regulatory changes and the regulatory landscape, best practices, and developments in the industry
  • Represent and advance a compliance culture within the organization
  • Provide 7x24 support for critical security issues
  • Perform other duties as assigned


Required Work Experience:

  • Strong knowledge and 5+ years of experience in PCI DSS, ISO 27001, and HITRUST frameworks
  • Strong knowledge and 5+ years of experience in risk management frameworks
  • Strong knowledge of Windows operating systems, network technology, mobile technologies, and business applications
  • Firm understanding of audit methodologies and developing internal audit deliverables including process flows, work programs, audit reports, and control summaries
  • Firm understanding of process areas including service management, change management, problem management, incident management and access management

Professional Competencies:

  • Excellent verbal and written communications and presentation skills with the ability to communicate with internal/external customers, suppliers, management etc. in both formal and informal situations
  • Ability to forge and maintain positive relationships with auditees to identify opportunities to improve ease of audit and assessment practices
  • Ability to research, analyze, and resolve issues stemming from non-compliance
  • Ability to learn quickly and adjust to changes in technology
  • Results-oriented, high-energy, self-motivated
  • Organized, responsible, and meticulous
  • Able to prioritize multiple tasks in a fast-paced environment

Education Requirements:

  • BS in information systems, computer science or equivalent with 5+ years of hands-on compliance or IT audit experience in a large, global enterprise environment
  • Industry-recognized certifications such as CISA, ISO 27001 Lead Auditor, PCI ISA/QSA, HITRUST CCSFP preferred

*Must be willing to work in a hybrid setup, work a night shift or shifting schedule, and travel occasionally, both domestically and internationally.