Compliance and Information Security Analyst
- Enon, OH
The Compliance and Information Security Analyst develops, manages, and applies procedures and guidelines in order to effectively protect the company's credit card data and maintain SOX compliance. Uses audit and reporting processes to ensure that all information systems, technology infrastructure and data stores comply with the current established policies and standards.
• Collaborates with internal/external partners to ensure data security, clarify requirements and identify gaps in credit and SOX related documentation and processes
• Participates in all audits (both internal and external) involving IT and facilitates remediation of findings as necessary.
• Creates and maintains IT SOX controls.
• Assists in ensuring successful completion of the annual Payment Card Industry Report on Compliance (ROC) process by working with all parties involved. Facilitates remediation of findings as necessary.
• Assists in coordinating activities related to the annual testing of the PCI Incident Response Plan
• Creates and manages a central document repository for IT SOX related documentation.
• Ensures that vendors are compliant and complete all necessary processes and procedures, in conjunction with procurement
• Performs risk and business impact analysis for all changes to the company's IT SOX environment
• Provides expertise at high level meetings and conferences by attending and presenting data as needed
• Keeps abreast of technology, industry related trends and changes to security laws and regulations
• Develops, recommends and implements policies and procedures related to day-to-day department functions and ensures continued compliance with SOX and Payment Card Industry Data Security Standards (PCI DSS).
• Ensures appropriate data security training is available to other departments by working in conjunction with other departments to create courses and materials for field and corporate locations
• Completes other duties, including special projects and ITS compliance issues as assigned by Management
Education: Bachelor's Degree or equivalent education and experience (Computer Science, MIS, IT Security or other related field)
• Demonstrated expertise with Word, Excel and other MS Office suite applications
• Excellent verbal and written communication, organizational and interpersonal skills and the ability to research and resolve issues
• Good understanding of business issues, technical implications and intra-department functions and operations
• Complete understanding of Payment Card Industry Data Security Standards (PCI) compliance requirements and payment card transactions
• Working knowledge of SOX compliance requirements and controls
• Ability to handle diverse situations, multiple projects and rapidly changing priorities
• Ability to present information in a clear and concise manner
• Ability to multi-task and track multiple efforts concurrently
• Ability to perform repeated bending, standing, and reaching
• Ability to occasionally lift up to 40 pounds
Work Experience Desired:
- Three to five years of experience with PCI and SOX
- Working knowledge of both PCI and SOX standards and requirements. Relevant certifications (PCI ISA, PCIP, CISA, etc.) are a plus.