The IT Compliance Analyst is responsible for supporting the organization’s compliance with internal and external IT policies, standards, regulations and frameworks, through executing and coordinating relevant IT compliance activities. This position will work closely with information security analysts, network administrators, systems administrators, and business unit managers in achieving the assigned goals.
Job tasks and responsibilities include:
Administer and update IT policies, procedures, and standards
Assess IT risks and update control statements
Support the enterprise risk management efforts
Assist in the coordination and execution of the IT DR program
Synchronize different compliance activities such as PCI and SOX
Map and track security control activities between various IT security standards
Coordinate with internal and external auditors
Identify and assess IT risks from new business processes or applications, and document process flows and diagrams
Facilitate and track security control remediation and improvement efforts
Enhance internal controls such as segregation of duties, change management, security, and incident handling
Administer security incident tabletop testing
Facilitate cybersecurity awareness training
Facilitate service provider risk review and management
Assist with validation of IT control effectiveness and perform other duties as assigned
The individual reports to the Director of Information Security.
This position requires knowledge and current experience in the IT risk and compliance field, with a focus on Sarbanes-Oxley, PCI-DSS, the NIST Cybersecurity Framework and the COBIT control framework. Strong interpersonal skills and the ability to communicate issues effectively are extremely valuable. Excellent verbal and written communication skills are needed, as is the ability to stay current with the changing IT security and compliance landscape. The person should have strong analytical skills and an adequate understanding of common IT applications and platforms. The ability to work independently as well as in a team environment, including multi-level staff and external partners, is important.
The person must be an independent, highly organized and motivated team player, who is able to work under tight deadlines.
A four-year degree in Computer Science, Management Information Systems, or other related business/technology field is preferred.
Possession of a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), or other relevant IT compliance certifications is preferred.
About the Company
We are one of America's top retailers of name brand sporting goods and accessories, with 433 locations spread throughout 11 western states. We provide a full-line product offering in a traditional sporting goods store format that averages approximately 11,000 square feet. Our product mix includes athletic shoes, apparel and accessories, as well as a broad selection of outdoor and athletic equipment for team sports, fitness, camping, hunting, fishing, tennis, golf, winter and summer recreation and roller sports.