As a Compliance Analyst, you would be a member of an agile team focused on maintaining and iterating Cybersecurity policies and standards, evaluating control effectiveness, and complying with emerging laws and regulations at the scale and speed necessary to protect Pivotree's people, data, and reputation by ensuring information security best practices are implemented and followed. You will have the opportunity to influence the controls designed to manage, develop, deploy, and support security requirements globally, as well as evaluate the effectiveness of those controls.
Roles & Responsibilities:
- Researches and evaluates security and IT financial compliance risk in order to factor that information into the development of security standards, procedures, and controls to manage that risk, with a mindset of continuous process improvement
- Maintains central repository of Pivotree ISMS documentation, communicating and training staff on industry standards
- Partners with stakeholders and customers across Pivotree's Business Units to harmonize policy and standard content
- Proactively identifies and resolves issues in controls and determines new controls to be put in place to address gaps
- Facilitates third-party external audits, such as PCI, SOC1/2/3 and ISO 27001
- Monitors ever-changing regulations to ensure Pivotree's controls remain in compliance
- Delivers and assists other team members in risk identification and mitigation strategies, control documentation, evaluation of control design, evaluation of control operation, reporting of control deficiencies, and remediation strategies
- Creates cyber security reports and dashboards to facilitate transparency and highlight the effectiveness of the cybersecurity program
- Effectively communicates technical and non-technical content to diverse audiences
Key Skills & Competencies:
- A degree in Computer Science, Information Security, Cyber Security, Risk Management, or Information Technology or equivalent experience and accredited compliance management certification preferred
- Interest in continual learning and willingness to invest time obtaining security certifications, such as GSEC, CISA, CISM or CISSP
- Understanding of Cybersecurity risk and governance standards, with NIST, ISO27001, SOC1/2 and PCI/DSS experience preferred
- Previous experience as a compliance analyst in a related field
- Excellent written communication skills, demonstrated ability to formulate compliance policies, procedures, and related documentation
- Advanced analytical abilities
- Effective research and professional networking skills
- Detail focus, with the ability to accurately complete applications for compliance certification
- Experience identifying and performing data classification with the intent to ensure appropriate control and authorization are present
- Quantitative Risk Management: Experience implementing quantitative risk methodologies and integrating them into business activities
- Third-Party Risk Management: Experience in completing 3rd party risk assessments
- Experience creating and maintaining partnering relationships with business leaders at director and manager level with the capability to provide interaction and executive level communications