
Sr. IT Security Compliance Analyst

Express
Columbus, OH, US
Full-time

Responsibilities

The IT Security Compliance Analyst role will be responsible for the Information Technology governance and compliance program within Express.

This role primarily involves the day-to-day monitoring and execution of the required Payment Card Industry Data Security Standard (PCI-DSS) controls and the Sarbanes-Oxley internal information technology controls and processes that support financial reporting.

The analyst will also be the primary contact for the IT compliance program and the primary liaison between the Express IT department and the internal audit partners, and with external auditors as needed.

These responsibilities include facilitating meetings and requests with the audit teams, reporting current risks and issues to management, and providing executive-level reporting on a periodic basis.

  • Serves as the Subject Matter Expert (SME) in all IT compliance activities, including, but not limited to, Sarbanes-Oxley, PCI-DSS, and privacy initiatives.
  • Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security.
  • Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.
  • Works within the information security governance process to define control recommendations that are both efficient and effective.
  • Manages the relationship with audit partners (internal and external). Receives audit findings, manages the collection of responses and remediation plans with owners, and provides status updates.
  • Prepares reports that document security incidents and the scope of the impact caused by each incident.
  • Performs risk assessments for new vendor engagements, validating inputs from the vendor questionnaires and evaluating risks to Express based on vendor responses.
  • Organizes and manages weekly IT change advisory board meetings.
  • Monitors and reports on compliance with security policies, as well as the enforcement of policies within the IT department.
  • Performs control assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends and tracks remedial actions.

REQUIRED EXPERIENCE & QUALIFICATIONS

  • Technical Bachelor’s Degree or 5-7 years’ equivalent experience required
  • This position requires strong organizational, technical and communication skills.
  • The ideal candidate for this position is very well versed in IT governance and compliance as demonstrated by a minimum of 5 years of experience working in IT audit, governance, and / or compliance roles.
  • Is familiar with and understands established information security best practice frameworks and other control frameworks.

NIST 800-53, SANS Top 20, CIS CSS, NIST CSF,

CRITICAL SKILLS & ATTRIBUTES

  • Knowledge of best practices for security, including identity and access management, and data privacy compliance (PCI, SARBANES-OXLEY, CCPA,
  • Must possess a high level of initiative and self-motivation.
  • Strong organizational / time-management skills.
  • Willingness to learn new processes and technologies.
  • Demonstrates effective decision-making, problem-solving, analytical and communication skills.
  • Able to work independently and effective at building partnerships to facilitate the accomplishment of goals.
  • Effective at planning and leading meetings to accomplish stated goals and objectives.