Principal Analyst, IT Compliance

Overview

Remote
On Site
Hybrid
BASED ON EXPERIENCE
Full Time

Skills

PCI DSS
Innovation
Emerging Technologies
Research
Roadmaps
Interviewing
Data Retention
Policies and Procedures
Leadership
Risk Management
Data Security
Documentation
Compliance Management
Decision-making
Vendor Development
Auditing
Training
Educate
Reporting
Computer Science
Information Technology
Access Control
Systems Architecture
Network
Regulatory Compliance
Payment Card Industry
Cyber Security
Critical Thinking
Creative Problem Solving
Root Cause Analysis
Analytical Skill
Attention To Detail
Business Acumen
Presentations
Communication
Team Building
Management
Organizational Skills
PMP
PMBOK
CISA
Information Security
CISM
Financial Services
Information Systems
Cloud Computing
Sarbanes-Oxley

Job Details

Title: Principal Analyst, IT Compliance
Location: Remote from our hubs: Dallas TX, Houston TX, Orlando Florida, Atlanta GA
Duration: Direct Hire
Compensation: $90,000 - 130,000
Work Requirements: , Holders or Authorized to Work in the U.S.

Principal Analyst, IT Compliance

The Principal Analyst, IT Compliance is responsible for developing and documenting strategies that ensure that IT practices adhere to relevant laws, regulations, and industry standards, such as Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) compliance. The Principal Analyst is a trusted advisor to senior management and has a lead role in compliance of applications and infrastructure.

The Principal Analyst is the Subject Matter Expert in compliance, conducts assessments of the most critical areas in the company, and implements controls to mitigate risks related to regulatory requirements. The role will maintain absolute confidentiality of sensitive files, data, and materials accessed, discussed, or observed while adhering to compliance policies and procedures.

Job Functions:

  • Research and Innovation: Function as a SME for IT Compliance.
  • Stay abreast of emerging technologies, industry trends, and best practices. Research new tools, frameworks, and methodologies that can enhance solution designs and delivery.
  • Evaluate and recommend appropriate solutions. Develop and communicate technology roadmaps.
  • Review and improve tools, methods, processes, and procedures.
  • Regulatory Compliance Assessment: Conduct assessments and oversee assessments conducted by more junior analysts by reviewing evidence demonstrating the organization's compliance with applicable laws, regulations, and industry standards. This includes interviewing stakeholders to ensure compliance requirements are met and understood. Review policies, procedures, and controls to ensure alignment with requirements. Serve as the most senior role and decision maker when working with cross-functional teams to resolve compliance issues.
  • Policy and Procedure Development: Take the lead in developing, reviewing, and updating IT policies, procedures, and standards to address compliance requirements. Review and approve documents such as acceptable use policies and data retention policies and plans. Represent the department in communicating policies and procedures to stakeholders and executive leadership.
  • Compliance Monitoring and Reporting: Lead ongoing compliance activities, track regulatory changes, and prepare reports for management and regulatory agencies. Document compliance findings and issues, and serve as the decision maker for remediation efforts. Conduct impact assessments to determine the impact of regulatory changes and report findings to leadership. Assess compliance-related risks and lead the development of risk mitigation strategies. Stay abreast of regulatory changes and industry developments to ensure compliance programs remain current and effective.
  • Internal and External Audits and Reviews: Conduct internal assessments and reviews to evaluate controls' effectiveness and identify improvement areas. Review access controls, data protection measures, and security configurations. Lead the response to Internal and External Audits and other stakeholders' findings and inquiries, preparing and presenting official documentation where appropriate.
  • Vendor and Third-Party Compliance Management (15%): Provide oversight and decision making in vendor selection, assess the compliance of vendors and third-party service providers to ensure they meet all security and regulatory requirements. Oversee audits of third-party service providers and lead the work to resolve vendor issues.
  • Training and Awareness (10%): Act as the top expert in compliance policies, standards, and procedures. Provide training and awareness programs to educate the analyst team and stakeholders about compliance requirements and best practices.
  • Accurate and timely reporting of time.
  • Performs other duties as assigned.

Qualifications:

  • Bachelor's degree in Information Security/Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience required. Master's degree preferred.
  • 10+ years working in a compliance role as part of a large Information Technology department documenting and communicating regulatory requirements, standards, policies, procedures and vulnerabilities related to compliance required.
  • 10+ years as an auditor/assessor in a regulatory environment required.
  • 10+ years conducting assessments specific to PCI and SOX required.
  • 10+ years applying access controls and IAM principles required.
  • 10+ years implementing and assessing segregation or separation of duties required.
  • 10+ years leading compliance for the most critical projects required.
  • 5+ years participating in cross-functional technology teams required.
  • 5+ years planning and managing large projects required.
  • 1+ years as an auditor for IT systems required.
  • 1+ years in the cruise and/or travel industry preferred.

Knowledge, Skills & Abilities:

  • Expert level knowledge of systems architecture and network applications and protocols, configuration, logging, monitoring, and administration to understand impacts on compliance.
  • Ability to support a multisite enterprise environment.
  • Leads in the field of regulatory and security standards and requirements including PCI, SOX and GDPR.
  • Expertise in Cybersecurity frameworks such as NIST CSF.
  • Advanced skills in critical thinking, creative problem solving, and root cause analysis with the ability to lead teams through this process.
  • Outstanding analytical skills and attention to detail with exceptional business acumen.
  • Ability to manage multiple tight deadlines, prioritize workload and achieve exceptional results.
  • Ability to write and review comprehensive and concise technical reports and presentations to be consumed by non-technical individuals.
  • Exceptional communication, team building, conflict management, and organizational skills.
  • Excellent track record of working collaboratively with cross-functional teams to achieve common goals and drive exceptional results.
  • Proficiency in MS Office.
  • Proven ability to quickly learn and teach new technologies and concepts.

Licenses & Certifications preferred:

  • CIA-Certified Internal Auditor
  • Certified Project Management Professional (PMP)-PMI
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Financial Services Auditor (CFSA)
  • CISSP Certified Information Systems Security Professional
  • CITGCP Certified IT General Controls Practitioner
  • CSOXI Certified Sarbanes Oxley Act Practitioner

Our benefits package includes:
  • Comprehensive medical benefits
  • Competitive pay
  • 401(k) retirement plan
  • ...and much more!


About INSPYR Solutions
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.

INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
