Sr Compliance Analyst - Work from home, Mexico - Integon Service Co.

Integon Service Co.
Work from home, Mexico

2 weeks ago

Posted by: Rodrigo Fernández, talent recruiter for beBee


Description

Primary Purpose:


The Information Security Analyst III is a senior level position responsible for ensuring that National General Policies and processes adhere to regulatory and legal compliance standards such as PCI, SOX, HIPAA, and ISO Cybersecurity Frameworks.

The Compliance Analyst will work with the other members of the team to enhance business practices, internal controls and perform other review-related activities to support the execution of the department's annual assessment plan.


Essential Duties and Responsibilities:


  • Works with Security Architects, Security Analysts, Security Administrators and other IT and business departments to enhance/develop and review procedures and controls to meet PCI compliance requirements
  • Supports the planning and execution of control assessments related to PCI and other industry/regulatory requirements as well as common security frameworks such as NIST, ISO, and HITRUST
  • Collects and documents business requirements for process identification/improvement/automation efforts
  • Contributes to the development of process improvements
  • Applies knowledge of key regulations to influence assessment scope
  • Fieldwork/Execution: with limited supervision, performs testing (including walkthroughs), takes ownership to complete clear and well-organized assessment papers that appropriately document the work performed, uses root cause analysis for problem solving and communicates potential issues to the supervisor in a timely manner
  • Evaluates risks of key control deficiencies and effectiveness of overall control framework, and ensures management has effective and timely control remediation plans
  • Reporting: Formulates appropriate conclusions regarding the adequacy of internal controls and procedures based on the assessment work performed and knowledge of company operation; drafts well-written, clear and concise finding reports and participates in presenting the findings to the Enterprise Risk & Compliance management
  • Remediation: Monitors the implementation of corrective action plans with first and second lines of defense and presents updates to the findings to the Enterprise Information Risk & Compliance management
  • Conducts assessments of controls while documenting remediation items and working with vendors until items have reached a satisfactory level of risk
  • Other duties as assigned

JOB REQUIREMENTS

Minimum Skills and Competencies:


  • 8-10 years substantive experience as a Compliance Assessor or Auditor with a licensed financial institution or a regulatory compliance examiner with a federal or state financial services regulator
  • Bachelor's degree in Computer Science or Computer Information Systems or related or equivalent experience
  • 5-10 years substantive experience with PCI compliance; assessing controls, collecting artifacts, completing CCWs and working closely with QSAs
  • Demonstrated knowledge of PCI, HIPAA, SOX, ISO27000 and NIST Cybersecurity Frameworks
  • Demonstrated understanding of the current PCI DSS and how it applies to a large, complex organization accepting payment via multiple channels and technologies
  • 5-10 years experience with infrastructure technologies including platforms, firewalls, routers, switches, virtualization and databases
  • Demonstrated detail-oriented self-starter with the ability to work independently with limited supervision and limited direction, and in collaborative team environments
  • A strong ability to multitask and manage varying priorities and projects
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to a broad range of technical and nontechnical staff

Desired Skills:


  • QSA, ISA, PCIP, CCNA, CCNP, CIA, CISSP, CISA, CISM, CCRISC, or CGEIT certifications
  • Stream, Archer, CyberArk, Fortify, Qualys, Rapid7, BeyondTrust Retina, QRadar, Trustwave TrustKeeper, Proofpoint, McAfee ePO/HBSS, VMware, Palo Alto
  • Knowledge of SQL & Oracle dB's
