Enterprise Compliance Analyst III
The Select Group

Job Info

---

Enterprise Compliance Analyst III
The Infosecurity space is growing at one of our top insurance clients. Already having completed a recent merger, there are 8 additional acquisitions planned for this year, and they will need to continue to ramp up to remain compliant.

Project Details:
Seeking consultant or lead level PCI expert Compliance Analyst / Auditor to join as a Delivery Lead over the Infrastructure and Process Space.
This candidate will be responsible for ensuring that our client's policies and processes adhere to PCI regulatory and legal compliance standards, in addition to SOX, HIPAA, and ISO Cybersecurity frameworks. They will work with other members of the team including CISO and InfoSec leads to enhance business practices, internal controls, and perform other review-related activities to support the execution of the department's annual assessment plan.

Must Have Skills:

• 5-10 years substantive experience with PCI compliance; assessing controls, collecting artifacts, completing CCWs and working closely with QSAs.
• Demonstrated knowledge of PCI, HIPAA, SOX, ISO27000 and NIST Cybersecurity Frameworks - hands on experience required.
• Demonstrated understanding of the current PCI DSS and how it applies to a large, complex organization accepting payment via multiple channels and technologies.
• ISA, PCIP, and CISA qualifications/certifications.

Nice to Have Skills:

• All Star candidate will have a QSA certification!
• CCNA, CCNP, CIA, CISSP, CISA, CISM, CCRISC, or CGEIT certifications.
• Experience with Stream, Archer, CyberArk, Fortify, Qualys, Rapid7, BeyondTrust Retina, Qradar, Trustwave TrustKeeper, Proofpoint, McAfee ePO/HBSS, VMWare, Palo Alto.
• Experience with high-level programming languages (e.g. Java, C, C++, C#, python) and web application development (JavaScript, PHP, ASP).
• Knowledge of SQL & Oracle dB's.

Education/Certification Requirements:

• ISA, PCIP, and CISA certifications.
• Bachelors or equivalent experience.

Day to day responsibilities:

• Works with Security Architects, Security Analysts, Security Administrators, CISO, Allstate InfoSec Teams, and other IT and business departments to enhance/develop and review procedures and controls to meet PCI compliance requirements.
• Supports the planning and execution of control assessments related to PCI and other industry/regulatory requirements as well as common security frameworks such as NIST, ISO, and HITRUST.
• Collect and document business requirements for process identification/improvement/automation efforts.
• Contributes to the development of process improvements.
• Applies knowledge of key regulations to influence assessment scope.
• Fieldwork/Execution: with limited supervision, performs testing (including walkthroughs), takes ownership to complete clear and well-organized assessment papers that appropriately document the work performed, uses root cause analysis for problem solving and communicates potential issues timely to supervisor.
• Evaluates risks of key control deficiencies and effectiveness of overall control framework, and ensure management has effective and timely control remediation plans.
• Reporting: Formulates appropriate conclusions regarding the adequacy of internal controls and procedures based on the assessment work performed and knowledge of company operation; drafts well written, clear and concise finding reports and participates in presenting the findings to the Enterprise Risk & Compliance management.
• Remediation: Monitors the implementation of corrective action plans with first and second lines of defense and presents updates to the findings to the Enterprise Information Risk & Compliance management.
• Conducts assessments of controls while documenting remediation items and working with vendors until items have reached a satisfactory level of risk.

Remote Info: WFH/Remote - EST or CST

Get job alerts by email. Sign up now!

This job has expired.