IT Compliance Analyst III

Posted 10 August 2023
Location Oklahoma City, United States of America
Job type Full Time
Discipline IT
Reference 8836

Job Description

Location: Oklahoma City, OK

Description

Responsible for information security control maintenance and auditing; monitoring compliance with security policy and applicable law. Work with groups in IT, development, and other business units to perform risk assessment reviews, document audit requirements, and implement relevant controls.

RESPONSIBILITIES

  • Monitor information security news for emerging threats, technologies, and regulations that could have an impact on the security of processes, systems, and applications.

  • Champion and manage IT SOX, SOC 1, SOC 2, PCI-DSS, FFIEC, PIPEDA, and GDPR programs, documenting policies and procedures as well as performing audits, risk assessments and management reviews.

  • Collaborate with and educate employees at all leadership levels to determine compliance needs and implement controls.

  • Coordinate and execute IT security projects. Report results to leadership.

  • Update job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.

  • Protect organization's value by keeping information confidential.

  • Document specific duties, activities, problems solved and issues resolved.

  • Assist in onboarding new teammates.

  • Assist in the development of benchmarks and set specific goals for the evolution of the security of systems, processes, and applications.

  • Actively seek to expand individual skills through research, training, and collaboration with peers.

  • Attend meetings and serve on committees, as requested.

  • Work flexible hours, including weekends and evenings.

  • Availability to respond to emergency situations.

  • Perform additional duties and assignments as requested.


Qualifications

Education/Certification:

  • Bachelor’s Degree in CS, MIS or related field

  • Industry Certification (GCCC, CISSP, GSNA etc.) highly preferred


Experience Required:

  • 5+ years of IT risk management, IT audit or regulatory compliance experience


Knowledge/Skills/Abilities:

  • Information security standards such as IT SOX, SOC 1, SOC 2, ISO 27001, PCI-DSS, FFIEC, PIPEDA, GDPR

  • Industry-specific information security best practices

  • Risk identification and analysis techniques

  • Data confidentiality regulations, strategies and best practices

  • Evaluate critical systems, prioritize workflow and determine solutions

  • Perform risk assessments

  • Strong analytical and problem-solving skills

  • Excellent written and verbal communication skills

  • Interpret and apply laws, regulations and policies

  • Work for extended time at keyboard/terminal

  • Maintain effective working relationships with supervisor and coworkers