Sr. Compliance Analyst, FNTS

ABOUT FNTS

As a nationally recognized Cloud Service Provider, FNTS has a proven history guiding our customers through their cloud journey.

FNTS has a passion for all things multi-cloud and provides flexible cloud solutions, with a continued focus on orchestrating agility, transparency and IT optimization for our customers, all while keeping cost containment top-of-mind.

With an elevated security posture consisting of layered security solutions, FNTS specializes in partnering with customers in highly regulated and compliance-driven industries.

Our culture and our employees are the heart of our story and we’re committed to their success! Please see below the details of this career opportunity and how it fits into our organization’s success.

Our Modern, Flexible Workplace :

We believe in a Modern, Flexible Workplace, and we are continuously exploring advancements in technology and office environments to make it easier to work from anywhere at any time, allowing for more flexibility in where and how you work.

We know that choice and flexibility are important to you. We also recognize that flexible and remote positions can become opportunities for military partners, caregivers, and individuals with disabilities to thrive at our company.

We invite you to consider what a Modern, Flexible Workplace can mean for you!It is anticipated that an incumbent in this role will work onsite for three (3) or more days a week and will have a dedicated workspace when working onsite.

Work location is subject to change based on business needs.

Summary of The Job :

FNTS is seeking an experienced individual passionate about compliance audits to join our team as a Privacy & Security / Risk & Compliance Analyst.

The ideal candidate is driven by identifying and reducing organizational risks through the compliance and governance program ensuring the organization meets requirements.

This position functions as a team member in the FNTS Information Security Department, reporting to the Sr. Director. The Analyst assists with the successful completion of annual audits.

The Analyst will also lead the review / creation of procedures, implementation of processes, enforcement of computer system security configurations and solutions across internal and client environments in order to ensure the protection of sensitive confidential information.

The Analyst will also be instrumental in the maturation of an internal control testing framework, implementing and maintaining the eGRC solution, and assist performing various risk assessments.

Other responsibilities include assessing IT risks, evaluating & mapping controls, designing appropriate IT audit testing and staying abreast of the changing privacy, compliance / governance landscape.

About This Role : Key Responsibilities

Key Responsibilities

• Serve as a lead or primary point of contact for company audits including, but not limited to : PCI-DSS, SSAE 18 SOC 2 (Privacy, Security, & Availability) and various internal audits
• Execute compliance-related audits at supervisor’s direction, lead / plan, test, compile evidence, quality assurance checks and schedule / facilitate walk-through meetings with auditors
• Work closely with external / internal auditors and multiple internal technical teams to gather audit evidence
• Assist with the maturation of the governance and compliance program and common control testing framework(s)
• Advise on updated privacy laws, regulations and frameworks that have the potential to impact the governance and compliance program
• Evaluate and determine audit controls and request effectiveness (design and operating)
• Maintain the eGRC solution
• Explain complex information to others, including new controls, requirements and evidence material
• Provide audit guidance and respond to customer inquiries, audit assessments as needed
• Provide governance and compliance consulting to the business, and recommend steps to mitigate potential exceptions
• Revise and update security policies and standards documentation
• Facilitate the completion of the SIG
• Serve as a compliance resource and fully understand Company goals and department accountabilities.

The Ideal Candidate for This Role :

Required Qualifications :

Candidates should have a deep understanding of information security concepts and controls, as well as conducting audits and assessments in conjunction with external / internal audit.

Ideal candidates will have experience performing PCI-DSS, SSAE 18 SOC audits.

• Experience and ability to develop policies or procedures to support an organization's information security and compliance program
• Experience with an eGRC or reporting tool, such as Service Now, Archer, Process Unity, Radar, or equivalent
• Ability to support information security regulatory and policy compliance activities (knowledge of SSAE 18 SOC 2, NIST, ISO, PCI-DSS, GDPR, and other applicable laws, regulations, privacy and rules)
• Strong analytical and troubleshooting skills
• Project Management : ability to organize and prioritize the workload by handling multiple projects simultaneously
• Self-motivated, innovative, and high degree of initiative. Ability to work remote, independently with minimal supervision and direction
• Must have effective verbal and written communication skills
• Bachelor’s degree in Computer Science, MIS, Information Assurance, or other technology-related field or equivalent number of years of experience
• Excellent communication and customer relationship skills, as well as the capability to effectively work with other departments.
• Experience with tools and processes used in monitoring business controls (ex : self-assessments).

Desired Qualifications

• 4+ years relevant IT compliance / audit / risk management experience preferred.
• Demonstrate a basic understanding of various compliance and regulatory areas, including but not limited to, GLBA, FFIEC, ISO 27002, PCI, AT501 (SOX) and HIPAA / HITECH.
• Knowledge of industry and Government standards as applicable to Information Protection and Assurance and knowledge of Information Technology best practices and business controls.
• One or more information security certifications : PCI-ISA / PCIP or other security certifications

Equity, Diversity, & Inclusion :

FNTS is committed to belonging, inclusion, diversity and equity. We are committed to intentionally and proactively creating pathways to success for historically underrepresented populations.

To accomplish this, we foster a culture of belonging and inclusion so that every employee is valued, and has opportunity and the ability to make an impact.

We strive to reflect the diversity of the communities we serve in the makeup of our workforce.

See the full FNTS Equity, Diversity, & Inclusion Statement here

All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

Click here to download 'EEO is The Law' Self-Print Poster

Click here to download 'EEO is The Law' Supplement for Federal Contractors

Click here to download 'EEO is The Law' GINA Supplement