Description
Compliance Analyst
My client requires an experienced Compliance Analyst to join their project.
The Role:
- To support the Group Compliance Manager in the implementation and maintenance of legally & contractually binding data security compliance policies within IT and its touch-points with the wider business
- To objectively assess and quantify risk within end-to-end IT processes, and summarize findings for the Group Compliance Manager, based on gap analysis between the as-is and agreed standards
- To provide support and assistance to the wider IT teams and the business, to embed and enforce compliance to Group IT Policies and Standards
Key Responsibilities:
- Verification/enforcement of compliance with Group policies
- Maintaining the IT Risk register
- Maintaining the GRC tool
- ASV management and ensuring remediation by responsible parties (internal or external)
- Project Management of Compliance related work
- Contract administration
- Documentation
- Reporting
Experience:
- 3 years IT Operational support (minimum Tier 2 level)
- Previous/current role in IT security or GRC or PCI DSS
- Working within a data security standards compliance project or initiative
- Work achievements related to the QSA/ISA
- Worked within an IT Service Management organization
Skills/Knowledge:
- IT Technical knowledge, e.g. Firewalls, networks
- Business Analysis
- Project Management
- Knowledge of PCI & DPA requirements
- Thorough understanding and appreciation of GRC concepts and Security principles
Works with:
- Internal: IT teams (primarily based in Poland, with local Operational IT), Audit (Group/Country), Finance (Group)
- External (across the group countries): Audit, credit card schemes representatives e.g. Acquirers, formal regulatory bodies e.g. ICO, GRC partners, commercial partners, suppliers, contract project resources, technical design & compliance authorities from other organizations