Job description
Why CompuCom? (Overview):
The Lead IT Compliance Analyst ensures proper oversight, risk management, and compliance with information-security related requirements. This position will define and implement approved information security policies and procedures. The Lead IT Compliance Analyst position relies on extensive experience and judgment to plan and accomplish compliance projects and other efforts.
This position will lead a team of onshore and offshore resources to execute readiness and preparedness activities for the enterprise IT Compliance Program for ISO 20000, ISO 27001, SSAE 18 and PCI DSS as well as develop an Information Protection Program to reduce risk across the organization. The position utilizes strong policy and process knowledge as well as knowledge of a variety of technologies to identify risk and compliance issues and to drive mitigation, remediation and compliance activities within the business and IT organization. This position involves interaction with numerous departments and business functions. The individual must possess the desire to drive projects and remediation efforts to their conclusion in an environment undergoing transformation.
This position is fully remote.
What We Need & What You'll Do (Responsibilities):
Who You Are (Qualifications):
Technical Competencies:
Competencies
Equal Employment Opportunity:
Compucom Systems, Inc. provides end-to-end IT managed services to enable the digital workplace for enterprise, midsize and small businesses. To enable our clients to focus on what matters most, we employ a customer-centric, hard-working, and talented group of people that Act Like an Owner, Do the Right Thing, and Have Fun Doing It!
The Lead IT Compliance Analyst ensures proper oversight, risk management, and compliance with information-security related requirements. This position will define and implement approved information security policies and procedures. The Lead IT Compliance Analyst position relies on extensive experience and judgment to plan and accomplish compliance projects and other efforts.
This position will lead a team of onshore and offshore resources to execute readiness and preparedness activities for the enterprise IT Compliance Program for ISO 20000, ISO 27001, SSAE 18 and PCI DSS as well as develop an Information Protection Program to reduce risk across the organization. The position utilizes strong policy and process knowledge as well as knowledge of a variety of technologies to identify risk and compliance issues and to drive mitigation, remediation and compliance activities within the business and IT organization. This position involves interaction with numerous departments and business functions. The individual must possess the desire to drive projects and remediation efforts to their conclusion in an environment undergoing transformation.
This position is fully remote.
- Lead team to execute on a Compliance Program and Framework to manage ISO 20000, ISO27001, SOC1, SOC2, SOC Cyber and PCI DSS compliance requirements including pre assessments and other IT compliance requirements.
- Build and maintain compliance calendars/schedules for ISO 20000, ISO 27001, SSAE 18, Cyber Security and PCI DSS compliance requirements.
- Facilitate both internal and external audit efforts related to IT, drive remediation activities with the business and IT, and coordinate assessment of and compliance with regulatory and legal requirements
-
Review Customer Contracts from an InfoSec and Compliance standpoint alongside Legal as well as review third party contracts and assessments for security and data protection purposes.
- Identify, manage, and maintain work products required to implement the information security program and plan.
-
Lead compliance projects and implementations including enterprise Information Protection Projects to reduce risk around sensitive data.
-
Develop and maintain risk and compliance reporting metrics to ensure progress on these programs is managed, tracked, and understood by leadership.
-
Lead efforts to identify appropriate compliance requirements and controls based on current and future risks, policies, and architecture to ensure adequate controls are in place to meet regulatory and industry standard security requirements.
-
Provide compliance requirements, consultation and advisement to the business and project leads around data protection issues, risk management and security compliance.
-
Identify, review, assess, and enable business functions that impact information security.
- Bachelor’s in Computer Science, Information Management, HR Systems, or Relevant Work Experience
- 8+ years of experience plus 2 years in a supervisory role is preferred.
- Services solutions and technology background is a plus.
- Knowledge of industry practices and application systems, and the potential use of technology solutions in a business environment required.
- Preferably five or more years of experience in cross-functional teams influencing management and key stakeholders effectively across the organization and within complex contexts.
- Demonstrated experience in leading teams, including day to day prioritization of work, reviewing system changes, and approving all work going into Production.
- Preferably proven experience in building relationships with business partners to align and deliver on common objectives for the company
- CISA (Certified Information Systems Auditor)
Technical Competencies:
- Experience with applicable legal and regulatory requirements, including, but not limited to, the Sarbanes-Oxley Act (SOX), California Consumer Privacy Act (CCPA), Personnel Information Protection and Electronic Documents Act (PIPEDA), and General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI DSS)
- Experience with ISO 20000, ISO 27001, and SSAE 18
- Experience in performing risk assessments and maintaining Risk Register.
- Experience in developing IT audit plans and IT audit programs.
- Knowledge of operating systems, servers, IT network equipment and network diagrams.
- Knowledge of and experience in developing and documenting project plans, test plans and delivery/release notes
- Knowledge of and experience with cloud architecture deployments and SaaS, PaaS, and IaaS solutions
- Familiarity with ITIL, SDCL, Agile and other methodologies for service and software delivery
- Familiarity with NIST Cyber Security Framework
Competencies
- Strong negotiation and ability to coach and guide associates toward new levels of contribution
- Experience leading and building Information Systems delivery organizations
- Demonstrated leadership qualities communicating and reporting at the business and IT executive level
- Experience in software development project management
- Ability to execute on simultaneous projects to successful delivery
- Ability to communicate (verbally and in writing) effectively with stakeholders and senior business leadership of departments and customers participating in this project
- Ability to organize and work effectively with project teams made up of internal staff and/or external parties
- Demonstrated experience and relevant expertise in the configuration and deployment of Information Systems business solutions
- Demonstrated experience with vendor management and contract structuring
- Strong technology skills with the ability to synthesize relevant information and make key decisions
- Strong analytical skills to relate security requirements to appropriate security controls including sensitive data management
- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation
- Excellent communication abilities and relationship building skills
- Written, verbal, and presentation skills with the ability to effectively interact with internal and external business partners
Equal Employment Opportunity:
CompuCom is committed to providing equal employment opportunities in all employment practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, citizenship status, marital status, age, disability, protected veteran status, sexual orientation or any other characteristic protected by law.
colinoncars.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, colinoncars.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, colinoncars.com is the ideal place to find your next job.