IT Compliance Analyst

Summary

The IT Compliance Analyst is responsible for ensuring compliance with IT governance, risk, and regulatory requirements, including PCI-DSS, Sarbanes-Oxley (SOX), and IT security policies. This role will provide expertise in IT risk management, internal controls, and compliance frameworks, working closely with IT and security teams to implement governance processes and maintain regulatory adherence. The ideal candidate has experience in IT governance, compliance initiatives, and risk assessment methodologies, with a strong understanding of IT policies, standards, and best practices.

Description

• Provide PCI DSS, SOX, and governance expertise to ensure compliance with IT internal controls.
• Utilize data analysis and risk assessment to develop a proactive approach to IT risk management.
• Identify key performance indicators (KPIs) and metrics, prepare reports and dashboards for management.
• Ensure IT controls are documented and maintained, with action plans to address any control weaknesses.
• Lead and maintain IT policy exception management processes, defining key exception reporting metrics.
• Promote IT risk assessment programs, ensuring proper risk management strategies are defined and implemented.
• Communicate IT governance and compliance objectives, fostering a compliance-aware company culture.
• Evaluate company policies and define necessary IT governance standards and guidelines.
• Review and assess IT security controls, including application and infrastructure controls, to meet governance requirements.
• Collaborate with IT teams to ensure procedures align with IT policies, standards, and guidelines.
• Work with InfoSec and Training & Development teams to create security awareness programs for all employees.
• Participate in security training and testing to ensure compliance with governance and regulatory requirements.
• Manage and lead meetings, setting agendas, maintaining focus, and identifying key action items.
• Ensure all functions align with accepted IT department standards and compliance procedures.
• Maintain workload efficiency, escalate issues as needed, and ensure high-quality deliverables.
  
  

REQUIREMENTS

Education:

• Bachelor’s degree in Computer Science, Management Information Systems, Accounting, Business Administration, or a related field.
  
  

Work Experience:

• 2 years of experience in IT governance, IT compliance, or IT audit.
• 1-2 years of experience with IT policies, procedures, and compliance standards.
• Experience in corporate retail IT is preferred.
• Formal knowledge of IT systems, processes, and software development lifecycle (SDLC).
• Strong understanding of IT governance frameworks such as COBIT, COSO, PCI-DSS, ITIL, and ISO 27001.
• 2-3 years of experience working with Sarbanes-Oxley (SOX), HIPAA, and PCI-DSS compliance initiatives is preferred.
  
  

Skills:

• Ability to define and execute IT governance programs.
• Strong project management and facilitation skills.
• Ability to work independently or within a team environment.
• Excellent interpersonal, written, and verbal communication skills to interface with various stakeholders.
• Strong problem-solving and analytical skills.
• Ability to prioritize multiple tasks in a fast-paced, evolving environment.
• Experience using Microsoft Project, Visio, Excel, and Word.
  
  

Physical Requirements & Attendance:

• Acceptable hearing and vision levels to perform job duties.
• Must adhere to company work hours, policies, and professional standards.
• 100% on-premises role; remote work is not available at this time.
  
  

This role offers the opportunity to contribute to IT governance and compliance efforts, ensuring adherence to industry regulations and best practices while supporting enterprise-wide risk management initiatives.

4o