Position: Compliance Analyst: III
Location: Madison, NJ 07940
Term: 11 Months
In collaboration with multiple support areas team, this role will assist and be expected to lead in the establishment of appropriate protocols for managing data. They will provide management with recommendations about how to best govern the use of an access to the information.
- * Assist in the annual review of Compliance and Privacy programs include process and standards, policy and policy review, audit calendar and other annual requirements as needed.
- * Conducts Privacy Impact Assessments of identified applications and/or business processes identified as in-scope for Data Privacy, the company's Information Security Standards and various Regulations, including but not limited to development and completion of action plans to address findings/observations.
- * Participates in developing and implementing action plans to maintain compliance with internal and external regulatory bodies.
- * Provide guidance during development of internal systems used by the business to ensure appropriate compensating controls are in-place for ongoing compliance.
- * Assists in the monitoring and investigations of operational issues relating to compliance matters or items resulting from Data Privacy Impact Assessments.
- * Utilizes tools to assess Data Privacy and Regulatory Compliance related matters as it pertains to the client and the organizations privacy and compliance requirements.
- * Technical acumen to manage and enhance enterprise Data Privacy tools and solutions.
- * Assists in the development and provides privacy training and communications to address a variety of privacy issues and programs.
- * Assist with the identification of process improvements focusing on continuous improvement to move from manual to automated processes pertaining to security/data privacy controls.
- * Provide appropriate reports and updates to GIS management on data privacy matters and assist with the creation/ further development of appropriate tracking metrics.
- * Knowledge of Vendor Risk Assessments and how third-party risk can be mitigated.
- * Additional responsibilities as required.
- * Bachelor's degree in a business-oriented or related discipline
- * Knowledge of common IS security regulations and standards, such as ISO/IEC 27001 and 27002, FISMA, the NIST Cybersecurity Framework and NIST Special Security Publications and AICPA SOC2 required.
- * Three or more years of experience conducting security control assessments, vendor risk assessments or IT/operational control audits.
- * Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), and other applicable certifications preferred, but not required.
- * Experience in the areas of risk analysis and data, information and application security management, IT security standards and best practices, and privacy and security legislation.
- * Strong analytical and problem-solving skills, strategic, innovative and creative thinking with ability to assist in developing best practices.
- * Project Management experience preferred
- * Strong verbal and written communication skills with the ability to communicate regulatory concepts to a broad range of technical and non-technical staff.
- * Must demonstrate proficiency in the areas of HIPAA, NYDFS, Sarbanes-Oxley, and PCI-DSS, State Data Privacy Acts and other regulatory standards.
- * Networking and relationship building skills.
- * Ability to work independently and collaboratively, in a team and highly visible setting.
- * A high level of initiative & a Self-starter
Additional Job Details:
- This role is remote with equipment to be shipped to work location.
- Some in person meetings may be required at the NJ location in the future.