Five9 is seeking a Compliance and Privacy Analyst, reporting to the VP of Compliance and Privacy. This person will work with Five9’s various business units, using project management and process improvement skills, to assess, monitor and improve the company’s overall compliance with various data protection requirements stemming from data protection laws, regulations and standards. Laws and regulations the candidate should be familiar with include, but are not limited to, the EU GDPR, the Health Insurance Portability and Accountability Act (HIPAA), SSAE 18 System and Operational Control (SOC), Gramm-Leach-Bliley Act (GLBA), and Payment Card Industry Data Security Standard (PCI DSS). A background in cloud computing and the telecommunications industry is a plus.
This role will be responsible for auditing, monitoring, reporting and improving on the overall maturity of compliance with data protection laws, regulations and industry standards. The role will also be responsible for project management of the external audits and associated projects required to comply with data protection laws, regulations and industry standards. This role requires in-depth knowledge in the areas of IT audit, regulatory compliance and process improvement. You will utilize your strong communication, analytical and troubleshooting abilities to quickly identify opportunities for improvement and propose new strategies.
Perform IT audit procedures (i.e., tests of design and operating effectiveness) relevant to Regulation (EU) 2016/679, SSAE 18 SOC, GDPR, HIPAA, GLBA, PCI DSS, etc.
Evaluate and test the design and operating effectiveness of Cloud Operations controls designed to support compliance with the SSAE 18 SOC 2 and PCI DSS standards.
Identify control deficiencies and weaknesses and recommend required remediation or improvements.
Create, manage, report on and drive corrective action plans (CAPs) assigned to various business units.
Investigate reports of non-compliance and provide recommendations for corrective actions.
Document and report on compliance issues and incidents.
Respond to RFPs, RFQs and Vendor Security Questionnaires as they relate to data protection, security and compliance practices within Five9.
Project manage improvements required to maintain compliance with laws, regulations and industry standards.
Provide process improvement guidance to operations teams in support of compliance initiatives.
Bachelor’s degree in Information Technology, Management Information Systems, Privacy or a related field, or equivalent work experience.
3+ years of experience in IT audit, IT risk management and/or IT compliance.
Business and Information Technology experience a plus.
Excellent analytical, technical, risk assessment and IT audit skills.
Excellent project management, process improvement, organizational, and documentation skills.
Preferably a working understanding of the Federal Communications Commission (FCC) telemarketing rules and regulations, in addition to regulations including GDPR, SSAE 18 SOC, HIPAA, GLBA and PCI DSS.
Ability to work both as a member of a team and independently.
Five9 is the leading Cloud-based Contact Center solutions provider and one of the Bay Area’s fastest growing companies. We are empowering companies to create exceptional customer experiences, increase agent productivity and deliver tangible business results using omnichannel applications powered by AI. Gartner has named Five9 as a leader in the Contact Center as a Service space for 5 years in a row.