IT Compliance Analyst III
Job Description
Location: Oklahoma City, OK
Description
Responsible for information security control maintenance and auditing; monitoring compliance with security policy and applicable law. Work with groups in IT, development, and other business units to perform risk assessment reviews, document audit requirements, and implement relevant controls.
RESPONSIBILITIES
Monitor information security news for emerging threats, technologies, and regulations that could have an impact on the security of processes, systems, and applications.
Champion and manage IT SOX, SOC 1, SOC 2, PCI-DSS, FFIEC, PIPEDA, and GDPR programs, documenting policies and procedures as well as performing audits, risk assessments and management reviews.
Collaborate with and educate employees at all leadership levels to determine compliance needs and implement controls.
Coordinate and execute IT security projects. Report results to leadership.
Update job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
Protect the organization's value by keeping information confidential.
Document specific duties, activities, problems solved and issues resolved.
Assist in onboarding new teammates.
Assist in the development of benchmarks and set specific goals for the evolution of the security of systems, processes, and applications.
Actively seek to expand individual skills through research, training, and collaboration with peers.
Attend meetings and serve on committees, as requested.
Work flexible hours, including weekends and evenings.
Be available to respond to emergency situations.
Perform additional duties and assignments as requested.
Qualifications
Education/Certification:
Bachelor’s Degree in CS, MIS or related field
Industry Certification (GCCC, CISSP, GSNA etc.) highly preferred
Experience Required:
5+ years of IT risk management, IT audit or regulatory compliance experience
Knowledge/Skills/Abilities:
Information security standards such as IT SOX, SOC 1, SOC 2, ISO 27001, PCI-DSS, FFIEC, PIPEDA, GDPR
Industry-specific information security best practices
Risk identification and analysis techniques
Data confidentiality regulations, strategies and best practices
Evaluate critical systems, prioritize workflow and determine solutions
Perform risk assessments
Strong analytical and problem-solving skills
Excellent written and verbal communication skills
Interpret and apply laws, regulations and policies
Work for extended time at keyboard/terminal
Maintain effective working relationships with supervisor and coworkers