The Compliance Specialist will be an integral part of the Interactions team that drives the information security and privacy compliance function for the organization.

Essential Job Functions*:

The Compliance Specialist is responsible for 

• managing external audit firms.

• the planning and execution of external audits.

• monitoring, managing, and closing existing audit issues.

• ensuring that internal systems are compliant with security and privacy standards.

Regulatory Requirement Mapping

• Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes.

• Map regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies.

Monitoring Compliance

• Track regulatory compliance and maintain up-to-date records of regulatory requirements and corresponding mitigating controls.

• Ensure that Information Security policies comply with regulations; draft, edit, and publish Policy and Standards when policies need to be updated or created.

Cross-Functional Collaboration

• Coordinate with other SMEs and functions who maintain controls to track compliance across the organization and pool expertise on vague or complex regulatory requirements.      

• Facilitate internal assessments of controls against compliance requirements, providing reports and remediation recommendations.

• Work with business units to ensure controls are effective and appropriately address the relevant regulatory requirements they address.

Other Duties and Responsibilities:

• Client RFP/Questionnaire responses relating to information security and information security compliance

• Vendor Information Security Risk Management (performing third-party risk assessments)

Preparation, Knowledge, Skills and Abilities: 

Required:

• Technical expertise and experience implementing security controls across a broad range of scopes

• Expert level experience (3-5 years) with hands-on analyzing and applying compliance requirements to security practices including, but not limited to, Trust Services Criteria (SSAE18), PCI, HIPAA, GDPR, CCPA, ISO27001.

• Ability to keep current with changes and trends in the regulatory landscape

• Demonstrated organization, facilitation, communication, and presentation skills

• Demonstrated ability to lead and execute across a range of businesses within an enterprise and functions with differing issues and interests

Desired certifications: 

• Certified Information Privacy Professional (CIPP)

• Certified Information Systems Auditor (CISA)

• Certified Information Systems Security Professional (CISSP)

• PCI Qualified Security Assessor (QSA)

• PCI Internal Security Assessor (ISA) 

• Certified in Risk and Information Systems Control (CRISC) 

Supervisory Responsibility:

None

Working Conditions/Physical Demands:

• Up to 10 % of the time.

• General office environment. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc.  Work is generally performed within the office environment, with standard office equipment available.

• While performing the duties of this job, the employee is required to sit or stand for long periods, use hands and fingers for typing and to handle computer controls. Heavy phone and computer usage is required for this position.