What are the responsibilities and job description for the Regulatory Compliance Specialist 4 position at Oracle?
Minimum Qualifications
- Bachelor's degree in a related technical field and approximately 5 years of relevant experience working in a compliance, risk management, or cybersecurity role.
- Experience with development and collaboration tools such as Jira and Confluence.
- Resourceful, action-oriented with strong organization skills and attention to detail.
- Demonstrated ability to prioritize competing demands while working on complex problems.
- Ability to communicate effectively at various levels of the company, including individual contributors, engineers, senior leaders and executives.
- Comfortable in managing and delivering in ambiguous situations, with a sense of urgency and ownership.
- Ability to analyze qualitative and quantitative data to formulate meaningful insights.
Preferred Qualifications
- Understanding of various security threats, scanning toolsets, and patching.
- Technical knowledge in multiple security domain areas such as engineering, applications, system and network security.
- Skilled in risk management with the ability to make complex business/risk trade-off recommendations and decisions supported by key qualitative and quantitative analysis.
- Familiarity with compliance and security standards including PCI-DSS, ISO 2700x, and NIST.
- CISSP, CISM, CISA, CIPT, CIPM, CRISC or other relevant certification.
Qualifications:
Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Ability to travel. 8 plus years experience. BA/BS or advanced degree preferred. 5-7 years work in governance and compliance for a large corporation. CISA, CISM, CISSP, CIPP and/or RAC, CQE, CPPS, CQA desired. Strong knowledge of IT and/or quality auditing and controls, preferably with SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002 and/or ISO 9001, ISO 13485. Experience with 21 CFR Part 11 and HIPAA. Knowledge and understanding of the delivery process for validated systems, specifically the Computer System Validation (CSV) process. Have an understanding of security and/or quality management system standards and risk management. Experience working in Information Technology, Cloud or managed hosting services. Excellent written and verbal communication skills. Ability to adjust and adapt to changing priorities in a dynamic environment. Technical acumen and the ability to understand and interpret technical specifications. Technical knowledge of Oracle Applications and Database and/or infrastructure components. Project Management skills.
Responsibilities:
- Liaise between engineering, availability, compliance and security teams to track action items and drive accountability against deliverables.
- Monitor the implementation and status of compliance controls, security findings, and corrective actions.
- Design, implement, and manage processes, metrics, projects, and programs to enhance the overall compliance and security posture for the networking infrastructure.
- Facilitate responses and actions to regulatory or compliance related audits, assessments, and inquiries.
- Identify and remove obstacles that slow down or prevent project teams from delivering on compliance related goals.
- Lead review meetings and provide regular visibility to key stakeholders and senior leadership on compliance program status. Act as a trusted partner for executive management to ensure program success.
- Provide transparent updates, help drive key decisions, proactively remove obstacles, identify risks, and address key program issues.
- Develop strong cross-organizational partnerships with key functional leaders to drive focus on business objectives.
- Assist with ongoing controls and related functions, such as risk assessments, resiliency, and crisis management documentation.
- Contribute to and/or deliver on key critical projects relevant to our overall compliance posture in key related areas such as infrastructure life cycle management.