Sr. IT Compliance Analyst @ CompuCom

The Sr. IT Compliance Analyst will assist with technical expertise related to risk management and compliance with information-security related requirements. This position will define and implement approved information security policies and procedures. The Sr. IT Compliance Analyst position relies on extensive experience and judgment to plan and accomplish compliance projects and other efforts. This position assist with execution of readiness and preparedness activities for the enterprise IT Compliance Program for ISO 2000, ISO 27001, SSAE 18 and PCI DSS, as well as develop an Information Protection Program to reduce risk across the organization. The position utilizes strong policy and process knowledge as well as knowledge of a variety of technologies to identify risk and compliance issues and to drive mitigation, remediation and compliance activities within the business and IT organization. This position involves interaction with numerous departments and business functions. The individual must possess the desire to drive projects and remediation efforts to their conclusion in an environment undergoing transformation.

1. Assist team to execute on a Compliance Program and Framework to manage ISO 20000, ISO27001, SOC1, SOC2, SOC Cyber and PCI DSS compliance requirements including pre assessments and other IT compliance requirements.


2. Build and maintain compliance calendars/schedules for ISO 20000, ISO 27001, SSAE 18, Cyber Security and PCI DSS compliance requirements.


3. Facilitate both internal and external audit efforts related to IT, drive remediation activities with the business and IT, and coordinate assessment of and compliance with regulatory and legal requirement


4. Review Customer Contracts from an InfoSec and Compliance standpoint alongside Legal as well as review third party contracts and assessments for security and data protection purposes.


5. Identify, manage, and maintain work products required to implement the information security program and plan.


6. Lead compliance projects and implementations including enterprise Information Protection Projects to reduce risk around sensitive data.


7. Develop and maintain risk and compliance reporting metrics to ensure progress on these programs is managed, tracked, and understood by leadership.


8. Lead efforts to identify appropriate compliance requirements and controls based on current and future risks, policies, and architecture to ensure adequate controls are in place to meet regulatory and industry standard security requirements.


9. Provide compliance requirements, consultation and advisement to the business and project leads around data protection issues, risk management and security compliance.


10. Identify, review, assess, and enable business functions that impact information security.