Controls and Compliance Analyst

Overview

Overview

The Controls and Compliance Analyst role will support Information Security processes to ensure quarterly Information Security control monitoring, testing and compliance initiatives. It will support InfoSec process teams to understand and implement control requirements.

The role will also support the implementation of control mapping and design for new controls and changes in key process areas. It requires the understanding of the Information Security standards, control frameworks, control design and testing concepts, as well as the ability to communicate and coordinate across teams.

Responsibilities

Responsibilities

• Ensure control testing activities are completed according to the Quarterly and Annual timelines
• Plan, communicate and coordinate control activities, timelines and testing
• Support risk assessment process and maintain control activities and documentation of processes and mapping control objectives and attributes
• Act as a SME on controls lifecycle, and Policy and Standards for Information Security controls
• Create and maintain reports and provide regular metrics related to control testing and effectiveness
• Collaborate with various stakeholders in managing control lifecycle including updates, quarterly testing, and reporting activities
• Provide support to process owners on controls and control activities and Information Security Policy and Standards
• Building trust and effectively communicate with Information Security and ITC teams
• Drive information security practices and processes
• Present updates to various stakeholders and levels throughout the organization
  
  

Qualifications

Qualifications

• Bachelor degree in Business, Information Systems, Computer Science (or equivalent) is required
• 3-5 years experience in Controls or Cybersecurity role preferred
• The candidate needs to have experience working in a global environment
• Ability to effectively communicate across teams, business partners and employees at all levels across the organization
• Ability to manage multiple priorities
• Solid technical understanding of application development and security controls
• Understanding of Data Classification and technical understanding of application development and security controls