Senior IT Compliance Analyst, Privacy | BomaLink

Senior IT Compliance Analyst, Privacy

Information Technology

Posted 1 year ago

Details

Full-time permanent position
Scope:
As part of the Global IT Compliance group, this role will be responsible for making decisions related to the design, implementation and assessment of Global IT privacy controls, including vendor risk assessments and data retention processes. The Senior IT Compliance Analyst will work closely with both internal cross-functional team members and external vendors and auditors.

Job Summary:
The Senior IT Compliance Analyst is responsible for developing, managing and overseeing the implementation and execution of Global IT privacy controls. This position will utilize sound judgment to drive IT compliance processes related to privacy regulations, PCI-DSS and IT vendor risk management. Work will include performing and coordinating vendor risk assessments, project managing data retention procedures, reviewing and updating the data security control framework, assessing and reporting on control status, and conducting the annual PCI-DSS assessments.

Essential Functions & Accountabilities:
  • Manages the IT vendor risk assessment process at a Global level, working in collaboration with IT, Legal and business project teams. Works closely with project teams and business owners to communicate any gaps identified by risk processes and to collaborate in the design and monitoring of remediation or mitigation activities as needed.
  • Maintains the data mapping inventory of newly acquired assets to report the record of processing activities.
  • Administers the OneTrust tool to set up vendor assessments based on relevant frameworks and to tailor dashboards for reporting purposes.
  • Manages data retention project working with IT application support teams, business owners, IT Security, and Legal for compliance with policies.
  • Updates the privacy control framework as needed and performs control assessments. Communicates gaps to control owners and collaborates on the design and implementation of remediation procedures.
  • Plans, executes and documents PCI-DSS recertification processes.
Travel Requirements:
International travel up to 10%, off-hour meetings
Qualifications
Knowledge, Skills and Abilities:
  • Knowledge of the GDPR, CCPA, CPRA, LGPD, SOX, PCI DSS and FDA regulations
  • Experience with SOC 1, SOC 2, ISO Certification, and SOX IT assessments
  • Knowledge of IT security, access management, systems development life cycle, change management, IT operations, and data center controls
  • Knowledge and experience with IT control frameworks (e.g., COBIT, NIST Privacy, NIST Cybersecurity, NIST 800-53, CIS Top 20)
  • Strong familiarity with technology and ability to suggest technological solutions
  • Ability to effectively prioritize and execute tasks to manage projects and deliver results in a fast-paced environment
  • Adapts readily to changes in workload, staffing and scheduling
  • Detail-oriented, independent and thorough in examination and analysis
  • Ability to explain technical concepts to non-technical audiences
  • Excellent analytical and problem-solving skills
  • Excellent written, oral, and interpersonal communication skills
  • Highly self-motivated and self-directed
  • Extensive experience working in a team-oriented environment in a collaborative manner
Work Environment:
  • Normal office environment.
  • Sedentary to light physical effort necessary to perform the job
  • Extensive contact with employees in the US and global locations, and with external vendors and auditors
Experience:
  • 2-3 years IT internal controls, Cybersecurity or Privacy experience. 4 or more years of experience preferred.
Education:
  • Bachelor's degree in business, accounting, finance, computer science, information systems or a related discipline preferred, or associate's degree combined with 4 or more years of relevant experience is required.
  • CISA, CISSP, CIPP, CIA, CPA or equivalent certification preferred



