Compliance Analyst at Compeat
Are you eager to work in a role where you can geek out in the world of data security and protection, where the frameworks of AICPA, SOC-1, SOC-2, CCPA, GDPR, HIPAA, and PCI DSS are what guide and intrigue you?
As Compeat’s Compliance Specialist, your role will be to help our teams understand how to be compliant with all relevant policies and regulations. You will become a subject matter expert in SOC-1 and SOC-2 compliance frameworks, as well as other compliance frameworks.
You will build relationships with all departments and become a trusted partner within the business to help us translate regulatory language into specific requirements. You will also help design testing strategies, conduct regular reviews of those tests, define compensating controls, work with the business to handle policy exceptions, and identify risks.
This is an important and critical position and we're excited about finding someone who is motivated about making a big impact, fast!
What You’ll Do:
- Adhere to a schedule of required governance, risk, compliance and audit tasks and activities.
- Be responsible for understanding and promoting compliance with contracts, compliance controls, relevant laws, regulations, industry security standards and frameworks.
- Assist with collection and analysis of risk data, recommending mitigating actions, and leading risk mitigation projects as assigned.
- Conduct research on current and emerging requirements related to regulations, laws, and rules affecting the business, as well as assisting with risk assessment process, privacy and control standards.
- Monitor appropriate sources for new vulnerabilities, evaluate the risk such vulnerabilities pose to the organization’s information and systems, and advise management of appropriate measures to eliminate or reduce the organization’s risk or exposure to such vulnerabilities.
- Monitor organizational initiatives to ensure they adhere to risk and compliance requirements.
- Assist with review of business policies and procedures, provide guidance to ensure effectiveness, ensure procedures are aligned with Information Security Policies and customer contracts.
- Maintain process flows and heat maps identifying gaps, remediation plans and target SLAs (Service Level Agreements).
- Implement a risk exception process, track temporary exceptions, follow up on expiring exceptions.
- Assist in the monitoring and surveillance of external vendors and third-party relationships.
- Perform risk assessments and due-diligence evaluations for new and existing vendors.
- Contribute to the continued development of internal control awareness in the organization.
- Work with stakeholders to develop enhancements to organizational controls.
- Escalate promptly to appropriate team members and senior management any material breaches of applicable laws, rules, policies, tolerances, appetite, standards, SLAs, etc.
What You’ll Need:
- Industry certifications preferred (e.g., CISA, CISM, CISSP, CRISC, GSNA, GLEG, etc.).
- 3+ years of experience with information technology security programs, audits, controls, risk assessments and remediation management.
- Familiarity with privacy laws, data protection/security regulations, written contract language and frameworks, such as AICPA, SOC-1, SOC-2, CCPA, GDPR, HIPAA, and PCI DSS.
- Experience with at least two compliance audits.
- Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues and obstacles.
- Negotiation skills needed to obtain internal commitments to remediate risks and vulnerabilities.
- Strong analytical skills to analyze risks, evaluate control effectiveness and internal control frameworks, as well as to perform risk assessments and evaluations of vendor and third-party relationships.
- Excellent interpersonal and organizational skills; ability to analyze situations, respond independently, prioritize to meet deadlines, work under pressure, and be a team player while maintaining a positive attitude.
- Excellent communication, listening and facilitation skills.
- A willingness to mentor and guide fellow team members kindly and constructively.
- A desire to share knowledge and teach others.
- Customer-focused - a good steward of our clients' data and of our business.
- Experience with security frameworks such as NIST CSF, CIS Cybersecurity Framework, NIST 800-53, and others.
Compeat Hiring Practices:
Compeat is an equal opportunity employer and evaluates applicants regardless of an individual’s age, race, color, gender, religion, national origin, sexual orientation, disability or veteran status. Our combined differences are what make us Compeat!
Compeat doesn't accept unsolicited agency resumes and won't pay fees to any third-party agency or firm that doesn't have a signed agreement with Compeat.