The Compliance Analyst position is a senior level position that requires experience in defining, documenting and managing Compliance assessments, audits, risks bringing exceptional business related judgement. The successful candidate shall have knowledge of compliance standards, as well as, experience managing audits and assessments, and technical knowledge sufficient to support Data Center and cloud hosted environments discussions. Analyzes and evaluates Compliance risks and provides appropriate mitigation strategies. Partners with technical leads in analyzing findings and the development of remediation plans, procedures, and standards. Responds to client questions and provides reports as necessary.

Key Roles/Responsibilities:

• Develop and use techniques, process, procedures, and utilities to manage assessments and audits through Blackbaud’s evidence repository
• Work with both internal and external resources to conduct assessments and audits, address gaps, and ensure compliance with regulatory and industry requirements
• Act as ‘subject matter expert’ (SME) to other internal customers and departments in the area of Compliance
• Identifies and conducts Compliance pre-assessments, identifies findings, mitigating controls, and presents assessment reports to management and key stakeholders
• Provides consultation, guidance, and input to the design, implementation, and operation of appropriate technical, physical, and administrative controls to ensure the protection and compliance of the company's sensitive information systems
• Ensure newly identified software designs or acquisition software are adhering to Compliance requirements
• Work with Security Operations, Security Engineering, Risk Mgt. to facilitate assessments and audits
• Communicate and provide regular updates to Management
• Manage the customer and pre-sales request process for SOC/PCI/HIPAA, delivering reports as necessary to our customers. 
• Provide pre and post assessment lessons learned, gathering information from the current assessments and provide on-going list of improvements
• Create and maintain high-quality documentation which summarizes and explains all relevant newly published requirements from the PCI Council and the AICPA

Qualifications:

• College degree in Computer Information Systems, Computer Science, Information Security, or equivalent professional experience
• A minimum of five (5) years progressively responsible experience in Compliance
• A combination of experience, education, and training which substantially demonstrates the following knowledge, skills, and abilities:
  • Mid-level knowledge of PCI-DSS and SOC standards
• Experience with GRC (governance, risk, and compliance) system management where the Compliance Analyst should possess knowledge of the following concepts, skills and technologies:
  • Applications, network architecture, multiple platforms and new technologies from a security perspective to include, but not limited to, Firewalls; Intrusion Detection/Protection Systems; Operating Systems (UNIX, Windows); Networking (switches, routers, protocols, etc.); Network Services and Security Vulnerabilities; Network Architecture; Remote Access; Multi-factor Authentication; Platform Security (Application, Database, OS); Antivirus; Cryptography; Active Directory; and high-level programming languages