25 Jan
IT Compliance Analyst
District of Columbia, Washington, 20001 Washington USA

Vacancy expired!

Job Title: IT Compliance Analyst II

Reports To: Deputy Chief Technology Officer, Business Operations

Location: Washington D.C (REMOTE until April, then 3 days WFH, 2 days a week onsite)

Salary: $95K + Bonus + Excellent Benefits

SUMMARY
The IT Compliance Analyst will assist in the assessment of technology-related compliance matters across the organization including information security, identity management, user access, and data integrity for Regulation Systems Compliance and Integrity (SCI) compliance. Regulation SCI is a set of rules designed to strengthen the technology infrastructure of the U.S. securities markets. Serve as the main point of contact for IT and assist with all internal and external audit inquiries. This includes working with systems owners and administrators to identify, document and monitor current risks and controls. Suggests industry changes to policy management, records management, and exam management.

ESSENTIAL DUTIES AND RESPONSIBILITIES
Policy Management
  • Responsible for ensuring all IT policies and procedures are reviewed on schedule and updated as necessary/appropriate
  • Serves as primary point of contact for IT and responsible for all internal and external audit teams where IT inquiry is required
  • Regularly reviews individual IT policies and procedures contents to offer suggestions and improvements
  • Interviews SMEs and IT leadership to determine policy and procedure updates and improvements
  • Maintains an up-to-date inventory of every artifact that should be produced based on IT policies
  • Develop and maintain up-to-date IT inventories (assets, software, etc.), and quarterly, monthly, weekly, and daily controls
  • Organizes IT artifacts and controls in an efficient manner for ease of review and production
  • Identifies ways to decrease efforts to produce and collect IT artifacts (i.e., automation, AWS services)
  • Streamlines the total amount of IT artifacts by reviewing all assets and rationalizing into more singular comprehensive formats
  • Identifies gaps in control processes and works with IT leadership to develop resolution plans
  • Regularly identifies opportunities for improvements, effectively communicates these improvements to IT leadership and Legal
  • Understands the overall policies and procedures associated with Regulation SCI and plays a key role in development and ongoing delivery of IT compliance and RegSCI awareness trainings
  • Assists in the execution of regular incident response and disaster recovery table-top walkthroughs and update processes and associated documentation
  • Oversees annual BCP/DR exercise process for compliance with RegSCI
  • Conducts audits and reviews as directed by IT Information Security leadership
Exam Management
  • Responsible for coordination of responses to SEC exams as they relate to IT
  • Manages IT document production
  • Coordinates and tracks IT related remediation of any exam finding
  • Briefs and prepares the IT leadership team on exam questions and interviews.
  • Monitors activities of assigned IT areas to ensure compliance with internal policies and procedures including monthly, quarterly, and annual account and activity reviews
EDUCATION/QUALIFICATIONS
  • Bachelor’s degree in a business-related field and/or equivalent years of education and experience working in a related field.
  • 3-5 years’ experience in Information Technology or Information Security compliance.
  • Solid knowledge and understanding of compliance frameworks (NIST, COBIT, CIS Top 20 Security Controls and Regulation SCI).
  • AWS certification desirable.
  • Must have strong project management skills.
  • Must have previous experience in an IT compliance role.
  • Desired experience in COBIT, NIST, CIS Benchmarks, AWS Compliance, Security, and modern technology architecture.
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate compliance related concepts to a broad range of technical and non-technical staff.
  • Demonstrated success working with internal audit, external auditors, outside consultants, and legal affairs.
  • Extensive knowledge and understanding of audit standards and practices, and control frameworks.
  • Extensive knowledge and understanding of information security policies, standards, and guidelines.
