The Senior Compliance Analyst is responsible for managing agreed-upon baseline information and data governance security controls, aligning with business and regulatory requirements. Ensures adherence to industry-accepted standards and to governmental, corporate and third-party control requirements.
Implements and maintains the PCI Compliance Program.
Coordinates PCI-related pen tests and annual RoC audit.
Facilitates a compliance self-certification process and annual scope reconfirmation.
Produces compliance reports as needed.
Progresses reporting and escalation to audit and compliance stakeholders for internal and external audit actions.
Influences management action plans for remediation of audit findings and compliance risk.
Manages compliance requirements for technology controls.
Manages changes to the compliance requirements and in-scope systems on an ongoing basis, ensuring that new requirements are translated into new operating procedures.
Coordinates compliance training and communications.
Facilitates the change control process for all compliance-related requirements.
Ensures audit trails are created and maintained across key systems in preparation for internal and external audits.
Ensures that any system changes required to maintain compliance are implemented.
Owns and maintains the master list of PCI compliance risk and incorporates it into the risk register.
Coordinates with internal and external auditors to provide audit evidence.
Develops and governs information security policy and procedures.
Develops and coordinates programs that lower information security risks.
Audits procedures for backup tools, change management, password policies, migration tools, incident management, service level agreements, and job abends.
Ensures all procedures are written to NIST and ITIL standards.
Audits vendor contracts as needed to ensure SLAs are adhered to as stated.
Bachelor’s degree in Computer Science or related field or equivalent combination of industry-related professional experience and education
5-8 years of experience
Working experience with information security and/or audit/compliance initiatives, teams, and programs
Working experience with SOX, ISO 27001/2, PCI, COBIT and/or other information security management or privacy frameworks
Preferred Education & Experience:
CPA, CISA, CISSP, CISM, CRISC or CIA certification(s)
Conduct compliance assessments for defined business applications or technology installations in defined areas, and provide advice and guidance on the application and operation of compliance requirements.
Draft and maintain compliance frameworks.
Monitor systems for compliance with regulatory requirements.
Ensure that all identified breaches in security are promptly and thoroughly investigated in alignment with compliance requirements.
Ensure that any required system changes adhere to regulatory compliance requirements.
Ensure that security records are accurate and complete in alignment with corporate and regulatory requirements.
Takes actions to support Company strategies and tactics
Maintains positive attitude and momentum in challenging situations
Communicates effectively with all partners
Demonstrates flexibility, resiliency and productivity in response to shifting priorities
Strives for continuous improvement
Shares ideas with others to address daily business issues
Builds working relationships characterized by cooperation and mutual respect
Shares ideas and resolves conflict constructively
Leverages skills and experiences to contribute to the success of team goals
Recognizes individuals and team success
Works with managers and others to create and maintain a development plan
Displays an ongoing commitment to learning and self-improvement
Demonstrates an appreciation of diverse perspectives in interactions with others
Delivers on Belk’s brands and strives to exceed customer needs
Seeks and shares customer feedback with others
Delivers high quality products and services
Focuses on desired results and how best to achieve them
Takes personal responsibility for the quality and timeliness of work