IT Compliance Officer

Manage compliance assessments across a broad range of programs, including PCI, ISO 27001, HITRUST, and other assurance programs as needed

The Compliance Analyst is a member of a cross functional team that is tasked with ensuring that the company's IT technology and IT operations are in alignment with the applicable regulations, standards, and contractual obligations. As part of this team, the IT Compliance Officer performs internal audits and assessments of IT assets, policies, and processes to validate they comply with all applicable standards and/or obligations. This role also manages external assessments that are conducted by customers, their partners, and third parties, to demonstrate the company’s alignment with customer security standards and controls.

Responsibilities:

Audit/assess IT controls to ensure compliance with regulatory, contractual, and internal standards and/or obligationsManage compliance assessments across a broad range of programs, including PCI, ISO 27001, HITRUST, and other assurance programs as neededConducted supplier due diligence reviewsSupport IT and business stakeholders to create clear, actionable plans detailing specific deliverables, timelines, and accountability to resolve information security issuesTracking and reporting of outstanding security-related issuesFacilitate the annual review of compliance policies, processes, and proceduresComplete daily, weekly, and monthly compliance reports and other scheduled reports as assignedComplete quarterly and semi-annual access recertificationReview and approve production change requestsParticipate in incident response drills and live events to ensure the team follows the defined incident response strategy, policies, and proceduresLead the implementation, communication, and training of awareness and compliance programsRemain up-to-date on regulatory changes and landscape, best practices and developments in the industryRepresent and advance a “compliance culture” within the organizationProvide 7x24 support for critical security issuesPerform other duties as assigned

Required Work Experience:

Strong knowledge and 5+ years of experience in PCI DSS, ISO 27001, and HITRUST frameworksStrong knowledge and 5+ years of experience in risk management frameworksStrong knowledge of Windows operating systems, network technology, mobile technologies, and business applicationsFirm understanding of audit methodologies and developing internal audit deliverables including process flows, work programs, audit reports, and control summariesFirm understanding of process areas including service management, change management, problem management, incident management and access management

Professional Competencies:

Excellent verbal and written communications and presentation skills with the ability to communicate with internal/external customers, suppliers, management etc. in both formal and informal situationsAbility to forge and maintain positive relationships with auditees to identify opportunities to improve ease of audit and assessment practicesAbility to research, analyze, and resolve issues stemming from non-complianceAbility to learn quickly and adjust to changes in technologyResults oriented, high energy, self-motivatedOrganized, responsible, and meticulousAble to prioritize multiple tasks in a fast-paced environment

Education Requirements:

BS in information systems, computer science or equivalent with 5+ years of hands-on compliance or IT audit experience in a large, global enterprise environmentIndustry recognized certifications such as CISA, ISO 2701 Lead Auditor, PCI ISA/QSA, HITRUST CCSFP preferred

*Must be willing to work on a hybrid set up, work on night shift or shifting schedule, and willing to have occasional domestic and international travel.