IS Compliance Senior Analyst

Participate in and direct the project to implement BigID on CVI IT Compliance’s behalf, and collaborate with vendors and contractors involved with the project. Upon implementation of BigID take on platform administrative duties.

Work with Manager on the technical aspects of the rollout of BigID to additional locations after initial implementation

Proactively identify applications in-scope for Privacy and SOC2 Programs.

Document and maintain record of processing activities for in-scope applications

Conduct the design of Privacy and SOC2 IT controls for in-scope applications. Support stakeholders with the implementation of these controls, including conducting readiness testing to evaluate their effectiveness.

Perform system administrator duties for applications and tools used in the Privacy and SOC2 Programs.

Collaborate on an on-going basis with the Data Protection and Legal Offices as well as other stakeholders to manage technology-driven solutions supporting the IT Privacy and SOC2 Programs.

Document IT controls, process flows and procedures for IT controls of the Privacy and SOC 2 Programs

Participate in internal and external audits of IT controls’ design and operating effectiveness related to the Privacy and SOC2 Programs, working with stakeholders to provide evidence of control processes and execution

Assess the risk and work in collaboration with stakeholders to complete remediation of audit findings related to IT controls of the Privacy and SOC2 Programs

Travel Requirements:

International travel up to 10%, off-hour meetings

Qualifications

Knowledge, Skills And Abilities:

• Exposure to or knowledge of privacy regulations and their impact on IT processes
• Excellent understanding of IT applications, infrastructure and processes, including the ability to read and understand highly technical material and to suggest technological solutions
• Excellent communication skills to be able to communicate technical concepts in layman terms to diverse audiences
• Excellent analytical, problem-solving and organizational skills with attention to detail
• Ability to work independently with minimal supervision
• Ability to effectively prioritize and execute tasks in a fast-paced environment
• Adapts readily to changes in workload and scheduling
• Detailed-oriented, independent and thorough in examination and analysis
• Highly self-motivated and self-directed
• Extensive experience working in a team-oriented environment in a collaborative manner

Work Environment:

• Normal Office Environment

• Sedentary to light physical effort necessary to perform the job
• Extensive contact with employees in the US and global locations, and with external vendors and auditors

Experience:

• 2 to 3 years of experience working on technical environments and IT operational controls
• 2 to 3 years of experience with technical control implementation
• Experience working with IT control frameworks (e.g., SOC1/2, SOX, HIPAA, ISO 27001, PCI DSS)
• Experience implementing and managing the BigID platform as well as with the implementation of data catalogues, data discovery, data redaction and other data mapping and data subject request functionality on other privacy tools (e.g., OneTrust) will be preferred

Education:

• Bachelor’s degree in business, accounting, finance, computer science, information systems or a related discipline required, or equivalent combination of education and experience. 
• CISA, CIA, CPA, IAPP’s CIPT or equivalent certification preferred