This position will work as an IT Compliance Analyst I in the company’s Information Security and Compliance area and provide expertise in the analysis, implementation and monitoring of security controls.
Duties And Responsibilities
- Interface with IT and other departments to perform the necessary technical review and assess compliance maturity procedures and develop/oversee implementation of improvements or corrective actions
- Performs analysis and interpretation of security and compliance issues
- Executes compliance processes and reporting systems
- Assists IT with remediation planning, tracks findings and facilitates remediation of security issues identified through assessments
- Maintain a continual compliance process for IT General Controls that is flexible and scalable for regulatory requirements and organizational directives
- Assist in the analysis, development and ongoing improvement of a comprehensive, flexible and scalable IT Controls program for regulatory requirements and organizational directives
- Ensure that key processes are documented, reviewed at least annually for accuracy and improvement opportunities, and followed, as appropriate
- Helps to guide compliance projects to successful completion
Non-Essential Duties and Responsibilities
- Performs user access reviews in accordance with security and compliance requirements
- Reviews include, but are not limited to, applications, servers, databases, and server accounts
- Performs walkthroughs of systems and processes and identifies gaps in controls
- Proficient in Excel spreadsheets and lookup formulas
Scope
- Staff supervision and development: No
- Decision making: please see examples above; provide data for decision support
- Travel: Up to 5%
- Flex Designation: Anywhere
Requirements
Education And Experience
Education Requirements
Years of Experience
- 2 to 4 years of compliance or audit experience
Skills
- Education and/or Experience: 2+ years of education in a related field (preferred)
- Experience (Required): 2 to 4 years tech experience with direct compliance or audit experience
- Past training in information security or compliance areas
- Solid understanding of PCI DSS requirements
- Experience with IT General Controls
- Experience performing user access reviews
- Process, procedure, and standards development experience
- Skills (Required) - Be well versed in the current state of Information Security topics, and be able to interpret technical requirements and controls of relevant governing bodies (such as PCI DSS, ITGC, NIST, ISO, SSAE, HITECH, etc.) for the Harbor Freight networking environment
- Good customer service skills and a “can do” attitude
- Good ability to collaborate with other team members
- Excellent written and oral communication and documentation skills
- Strong ability to take initiative to get tasks and projects completed successfully
- Ability to perform after hours during designated periods
- Strong analytical skills, to analyze security requirements and relate them to appropriate security controls
- Skills (Preferred / Desired) -
- Additional Qualifications (behavioral traits, certifications, etc.)
Physical Requirements
General office environment requiring ability to:
- Stand, walk, sit for extended periods of time.
- Speak and listen to others in person and over the phone and video conferencing.
- Use keyboard and read from computer screen and reports.
- The ability to lift up to 15 lbs.
Safety
- Must be able to perform this job safely in accordance with standard operating procedures and good manufacturing practices, without endangering the health or safety of self or others.