IT Compliance Analyst III
Chewy is looking for an IT Compliance Analyst III to join our Information Technology Team based in Dania Beach, FL or Boston, MA
What you'll do:
- Oversee processes on development and maintenance of information security policies, standards, and procedures to address risk and security compliance requirements
- Work with IT Leadership to support the execution of strategies and objectives in accordance with IT Compliance frameworks, guidelines, and requirements
- Advise and train IT process owners on best practices related to IT General Controls, IT security, remediation of any issues and deficiencies
- Conduct risk assessments of information systems which includes creating asset profiles, evaluating threat likelihood and impact, and identifying mitigating controls to determine inherent and residual risk to systems
- Help IT management to maintain an effective SOX control environment and ensure adequate controls are in place to mitigate risks
- Support ongoing internal audit reviews to ensure all required documentation is provided
- Work with the IT Teams in the completion of the SOX certification for new systems and during significant upgrades/updates of existing systems
- Monitor and test IT compliance metrics for SOX, PCI, Cybersecurity, and Privacy to ensure the program is meeting regulatory requirements and internal corporate goals and timelines
- Lead the ongoing development, implementation, and enforcement of security awareness training programs, requirements, and initiatives
- Develop training, newsletters and other educational material that is engaging and promotes adoption of security & compliance best practices
- Manage the phishing program and educate malicious clickers on best-in-class cybersecurity practices
- Responsible for supporting Data Privacy activities including PCI and CCPA compliance
- Review SSAE 18 and/or third-party assessments/reviews performed by external parties and communicate roles and responsibilities to stakeholders, as needed
What you'll need:
- Sustainable knowledge of compliance requirements associated with SOX (ITGCs & ITACs), Cybersecurity and PCI
- Extensive knowledge of general information security best practices and standards such as ISO 27001, COBIT 5, NIST SP 800 series, NIST CSF
- Solid knowledge/experience in Software development life cycle, DevOps, networks, databases, operating systems, application controls and IT operations
- General understanding of internal audit methodologies and processes
- Work with Internal Audit, external auditors, IT management and staff to identify feasible implementation of controls and resolutions to manage weaknesses and create opportunities for improvement
- Ability to create and maintain IT policies & procedures, management, and executive level reports on effectiveness of IT governance controls and exceptions
- Ability to perform assigned tasks and responsibilities with minimal supervision, which includes planning, executing, and reporting on required compliance tasks within assigned timelines
- 5+ years of IT experience covering Internal or External IT audit, risk management, vulnerability management, data security, regulatory compliance, vendor management, incident response
- Bachelor’s Degree in Information Systems, Risk Management, Business Administration, or a related field
- At least one of the following certifications: CISA, CISM, CISSP, CRISC, GCCC, or CAP.
- Excellent interpersonal and presentation skills
- Position may require travel
Bonus:
- Prior experience in eCommerce or start-up organization
- Prior experience with implementing Service Now, GRC tool or ITSM solutions
- Prior experience in automating controls and control testing, data analytics and Agile methodology
- ITIL, PMP, Six Sigma certification a plus.
Chewy is committed to equal opportunity. We value and embrace diversity and inclusion of all Team Members.
If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at Chewy, please contact [email protected].
To access Chewy’s Privacy Policy, which contains information regarding information collected from job applicants and how we use it, please click here: https://www.chewy.com/app/content/privacy).