Interactions is changing the way businesses and consumers communicate by transforming frustrating experiences into productive conversations.

At Interactions, we have created an environment that is based on innovation, quick-thinking, and abundant growth opportunities. Our employees are smart, hard-working and invested in the success of the company. We pride ourselves on our forward-thinking and innovation, and our ability to balance a start-up environment with a healthy work-life balance.

Working at Interactions is an opportunity to be part of the team that’s changing the way customer care is delivered.

Position Overview:

The Compliance Specialist will be an integral part of the Interactions team that drives the information security and privacy compliance function for the organization.

Essential Job Functions*:

The Compliance Specialist is responsible for

• managing external audit firms.
• the planning and execution of external audits.
• monitoring, managing, and closing existing audit issues.
• ensuring that internal systems are compliant with security and privacy standards.

Regulatory Requirement Mapping

• Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes.

• Map regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies.

Monitoring Compliance

• Track regulatory compliance and maintain up-to-date records of regulatory requirements and corresponding mitigating controls.

• Ensure that Information Security policies comply with regulations; draft, edit, and publish Policy and Standards when policies need to be updated or created.

Cross-Functional Collaboration

• Coordinate with other SMEs and functions who maintain controls to track compliance across the organization and pool expertise on vague or complex regulatory requirements.     

• Facilitate internal assessments of controls against compliance requirements, providing reports and remediation recommendations.

• Work with business units to ensure controls are effective and appropriately address the relevant regulatory requirements they address.

Other Duties and Responsibilities:

• Client RFP/Questionnaire responses relating to information security and information security compliance

• Vendor Information Security Risk Management (performing third-party risk assessments)

Preparation, Knowledge, Skills and Abilities:

Required:

• Technical expertise and experience implementing security controls across a broad range of scopes

• Expert level experience (3-5 years) with hands-on analyzing and applying compliance requirements to security practices including, but not limited to Trust Services Criteria SOC2 (SSAE18), PCI, HIPAA, GDPR, CCPA, ISO27001.

• Ability to keep current with changes and trends in the regulatory landscape

• Demonstrated organization, facilitation, communication, and presentation skills

• Demonstrated ability to lead and execute across a range of businesses within an enterprise and functions with differing issues and interests

Desired certifications:

• Certified Information Privacy Professional (CIPP)

• Certified Information Systems Auditor (CISA)

• Certified Information Systems Security Professional (CISSP)

• PCI Qualified Security Assessor (QSA)

• PCI Internal Security Assessor (ISA)

• Certified in Risk and Information Systems Control (CRISC)