Senior Technology Compliance Analyst (Remote)
- Richmond, VA
8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238
CarMax, the way your career should be!
Do you want to play a key role in enhancing the Cybersecurity program for a Fortune 200 company and national brand that has also been listed on the Fortune 100 Best Places to Work for the past 15 years in a row? Do you enjoy working in a collaborative environment where your ideas can help shape the direction and development of critical cybersecurity capabilities?
Do you want to work with a team of talented professionals that have in-depth technical knowledge and be the subject matter expert in technology compliance governance and audit compliance?
Then your job search begins and ends here…
Who we are looking for:
A senior technology compliance analyst with experience in the areas highlighted below. This is a unique opportunity at a Fortune 200 company and national brand to expand your skills and influence a growing Cybersecurity Program. This role works with the Technology management teams to evaluate controls, perform control testing to improve the efficiency and effectiveness of the internal controls, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance. You will facilitate control reviews to accommodate new business areas as well as changes in processes. You will assist the technology teams in identifying gaps between policy and process and in developing recommendations to remediate control weaknesses. You will also execute SSAE 18 audit reviews of key third-party service providers to ensure compliance obligations are being met, including monitoring any remediation plans that address their weaknesses.
The Day to Day:
• Plan, design and execute compliance testing, controls assessment and documentation across all domains for IT General Controls, the Payment Card Industry Data Security Standard (PCI DSS), Data Privacy, HIPAA and other compliance requirements, as appropriate
• Serve as trusted advisor and technology key controls subject matter expert; partner to evaluate the design and effectiveness of the control environment, both operational and technical; develop trending for remediation efforts and overall compliance with regulatory and operational standards; and build compliance programs including detailed exception reporting and complex configuration monitoring requirements
• Provide direction and guidance in pre-implementation reviews of new systems and services to ensure proper controls are implemented and executed to meet compliance
• Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet compliance standards where applicable
• Be a trusted advisor to the technology teams for in scope internal and external audits to expedite reviews and mitigate operational impacts
• As an integral member of the team, exhibit ownership, follow-through, initiative, awareness and effective communication with peers and management, and the ability to speak to details of compliance
• Prepare and provide accurate, timely communications of observations, recommendations and conclusions as well as evaluating management remediation action plans
Technology Compliance Methodology:
• Ability to understand business requirements, to help design and implement Compliance management practices for all supported technology environments
• Champion of Technology Compliance methodology by demonstrating ownership of the design aspects of the operations lifecycle
• Passionate about continuous improvement and ownership of controls across systems and processes
• Consistently shows the ability to mentor others in the assessment of Compliance as it relates to CarMax's® data and processes
• Ability to drive compliance and communicate the compliance posture, along with risk exposure, to senior leaders supporting technology infrastructure
• Ability to help develop and deliver compliance training and awareness type activities with proven results across all domains
• Maintain a strong knowledge base and awareness of industry and technology trends and of external regulations for new or changed requirements within technology, and identify industry standards for core processes (e.g. NIST, PCI, ITIL, data privacy, etc.)
• Ability to lead meetings with business partners to define compliance process, initiate assessments, and articulate results to include remediation plans
• Partner to gain consensus on Compliance approaches with a proven ability to effectively communicate remediation and prevention
• Able to help influence others to support the technology compliance strategies and initiatives and to drive corporate Compliance
• Ability to problem solve obstacles and find alternative ways to meet and achieve compliance goals
Here's the technology part…
Experience with the following required:
• Understanding of key compliance regulations such as Sarbanes-Oxley, GLBA, HIPAA and Payment Card Industry (PCI), plus new or changed external regulations within technology, and the ability to identify industry standards from which to modify core Compliance processes, staying ahead of industry trends and emerging threats
• Experience in performing risk-based testing for control compliance, including the identification, assessment and mitigation of compliance issues; understanding how to balance the company's risk appetite against compliance needs/requirements
• Must have detailed knowledge and experience with technology controls across a variety of Industry frameworks and how to assess controls supporting compliance for SOX, PCI, and Privacy.
• Developing dynamic approaches to the implementation of a technology compliance program utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable
• Proven ability to independently gather test evidence and translate compliance findings into actions
• Able to assess, identify, and document third-party system compliance deficiencies and recommend solutions, including understanding SOC reports
• Excellent communication skills, including but not limited to verbal and written communication; delivering organized presentations; tailoring the message to the audience; and facilitating group discussions with diplomacy while seeking diverse opinions
• Excellent analytical skills with experience in data analysis to support reporting and testing processes.
• Dedication and commitment to world class service and to exceeding customer expectations.
• Desire to keep current with technology and emerging technology compliance trends.
• Possess strong organization and time management skills.
• Demonstrated flexibility in a fast paced and agile environment.
Education and/or Experience:
• Bachelor's degree in Business/Computer Science/Technology with IT audit or compliance experience
• In-depth knowledge of information security and Technology Compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO 27001/27002, and COBIT
• 5+ years working experience with enterprise technology compliance management programs, or auditing experience, controls testing, conducting ITGC and PCI assessments and leading related project teams as a security subject matter expert in privacy, data security and control issues with technologies such as Cloud, SaaS, Linux, Windows, VMware and Intrusion Prevention
• Previous working experience and knowledge of two or more security functions (IT Compliance Assessor, QSA, Security Specialist, IT Auditor)
• Possession of one of the following industry certifications required: CISA, CRISC, CIA, CISM, PCI, CISSP
NOTE: This is a remote work opportunity
Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.