IT Compliance Analyst

$73,400 - $120,500/Yr

Vista Outdoor - Springfield, IL

posted 5 months ago

Full-time - Mid Level
Remote - Springfield, IL
Apparel Manufacturing

About the position

The Compliance Analyst role within Vista Outdoor / Revelyst collaborates closely with business stakeholders and with the IT Operations and IT Security teams to enhance compliance programs across the organization. The role supports a range of compliance initiatives: vendor vetting, staying current on regulatory changes, assessing compliance requirements, overseeing projects, and conducting internal compliance assessments. The position is flexible: you may work from your home office or from the Anoka, MN office.

As a Compliance Analyst, you will validate the coverage and configuration of the solutions required by PCI DSS, which is essential to protecting payment card data. You will also support the enhancement of the company's privacy posture, covering PII handling, Data Processing Agreements (DPAs), GDPR, CCPA/CPRA, CDPA, and cookie compliance. Third-party risk analysis will be a key part of your responsibilities, including review of vendors' DPAs and SOC 2 reports to confirm that they meet the company's compliance standards. You will interface with the Internal Audit team on SOX compliance under the COSO framework, and contribute to compliance initiatives for Department of Defense contracts, including NIST SP 800-171, DFARS, CUI, Form 889, and CMMC. You will also analyze e-commerce fraud, perform technical project management, and author the documentation needed to support compliance efforts. The role requires you to partner with Subject Matter Experts (SMEs) to design and implement remediation, and to gather, collate, classify, monitor, and report information related to compliance evaluations.

Understanding company policies and procedures, along with the functional business disciplines under review, is crucial to ensuring that compliance efforts are appropriate, timely, and effective. You will also review and recommend changes to procedures and information security policies to support industry best practices and mitigate risk.

Responsibilities

  • Validate the coverage and configuration of the solutions required by PCI DSS.
  • Support enhancement of privacy posture (PII, DPA, GDPR, CCPA/CPRA, CDPA, Cookie Compliance, DSAR).
  • Conduct third-party risk analysis (includes reviewing DPA and SOC 2 documents).
  • Interface with Internal Audit team for SOX compliance following the COSO framework.
  • Contribute to compliance initiatives for DoD contracts (NIST SP 800-171, DFARS, CUI, Form 889, CMMC).
  • Analyze e-commerce fraud.
  • Perform technical project management and author documentation.
  • Partner with SMEs to design and implement solutions required for remediation.
  • Gather, collate, classify, monitor, and report information in relation to an evaluation.
  • Understand company policies and procedures and the functional business disciplines being reviewed to ensure appropriate, timely, and effective compliance efforts.
  • Review and recommend procedure and information security policy changes to support industry best practices and mitigate risk.

Requirements

  • 3-5 years IT compliance experience.
  • Ability to successfully partner and collaborate cross-functionally with IT, Internal Audit, Legal, and Engineering.
  • Knowledge of industry standards and compliance best practices.
  • Experience in IT operational processes, security practices, and remediation.
  • General IT knowledge in: Change Management, Application Security, Access Security, Computer Operations, Segregation of Duties, Cloud Environments.
  • Experience with Microsoft Office applications.
  • Strong organizational, interpersonal and communication (verbal and written) skills.
  • Ability to manage your individual workload to balance multiple priorities to achieve deadlines and project milestones.
  • Ability to recognize and communicate business risks and understand business processes and functional linkages between processes, risks, and controls.

Nice-to-haves

  • Bachelor's degree in Information Systems, Computer Science, or a related field.
  • Industry Certifications (PCI QSA/ISA/PCIP, Security+, CISSP, OneTrust, etc.).
  • Knowledge of the following: Penetration Testing, Vulnerability Scanning, Anti-virus and Anti-malware, Application Code Scanning and Secure Coding Practices, Configuration Management, File Integrity Monitoring, Multi-Factor Authentication, Encryption and Key Management, Hardening of servers and network devices.

Benefits

  • Medical and dental insurance
  • Vision insurance
  • Disability insurance
  • Life insurance
  • 401(k)
  • Paid Time Off (PTO)
  • Tuition reimbursement
  • Gear discounts
© 2024 Teal Labs, Inc