Information Security & Privacy Compliance Specialist
Interactions is changing the way businesses and consumers communicate by transforming frustrating experiences into productive conversations.
At Interactions, we have created an environment that is based on innovation, quick-thinking, and abundant growth opportunities. Our employees are smart, hard-working and invested in the success of the company. We pride ourselves on our forward-thinking and innovation, and our ability to balance a start-up environment with a healthy work-life balance.
Working at Interactions is an opportunity to be part of the team that’s changing the way customer care is delivered.
The Compliance Specialist will be an integral part of the Interactions team that drives the information security and privacy compliance function for the organization.
Essential Job Functions:
The Compliance Specialist is responsible for
- managing external audit firms.
- planning and executing external audits.
- monitoring, managing, and closing existing audit issues.
- ensuring that internal systems are compliant with security and privacy standards.
Regulatory Requirement Mapping
• Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes.
• Map regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies.
• Track regulatory compliance and maintain up-to-date records of regulatory requirements and corresponding mitigating controls.
• Ensure that Information Security policies comply with regulations; draft, edit, and publish Policy and Standards when policies need to be updated or created.
• Coordinate with other SMEs and functions who maintain controls to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
• Facilitate internal assessments of controls against compliance requirements, providing reports and remediation recommendations.
• Work with business units to ensure controls are effective and appropriately address the relevant regulatory requirements.
Other Duties and Responsibilities:
• Client RFP/Questionnaire responses relating to information security and information security compliance
• Vendor Information Security Risk Management (performing third-party risk assessments)
Preparation, Knowledge, Skills and Abilities:
• Technical expertise and experience implementing security controls across a broad range of scopes
• Expert-level, hands-on experience (3-5 years) analyzing and applying compliance requirements to security practices, including but not limited to Trust Services Criteria SOC2 (SSAE18), PCI, HIPAA, GDPR, CCPA, ISO27001.
• Ability to keep current with changes and trends in the regulatory landscape
• Demonstrated organization, facilitation, communication, and presentation skills
• Demonstrated ability to lead and execute across a range of businesses and functions within an enterprise that have differing issues and interests
• Certified Information Privacy Professional (CIPP)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• PCI Qualified Security Assessor (QSA)
• PCI Internal Security Assessor (ISA)
• Certified in Risk and Information Systems Control (CRISC)