SOX Compliance Analyst

Location:  Miami, FL

Work authorization: any (candidate must be authorized to work in US)

Must-have skills: IT Security and Compliance, Active certifications in one of the related areas of security and compliance such as: CISA, CISM, CISSP, CRISC, GIAC, ISC, CEH, IAM, GSLC. PCI Assessments, SOX audits, 2 frameworks (e.g. SOX, SOC 2, ISO, NIST, COSO, COBIT, etc.), cruise of big environment, PII, EUGDPR, HIPPA.

Estimated Duration:  6 months with possible extension​

Requirements:

  • Related and progressively more responsible and expansive work experience in IT Security and Compliance disciplines (2+ years);
  • Experience in IT Security and Compliance (2-5 years, preferred);
  • Experience supporting PCI Assessments and SOX audits Compliance controls reviews for applications and databases related to SOX, PCI, PII, EUGDPR, HIPPA, etc;
  • Experience reviewing and updating IT policies, standards, and guidelines from the lens of a compliance professional;
  • Experience balancing competing projects concurrently; asking questions and getting information to diagnose security related problem;
  • Experience as a member of an IT Compliance or Information Security team with a focus on compliance with the ability to communicate compliance related concepts to a broad range of technical and non-technical staff;
  • Experience as a project leader;
  • Experience with at least two security control frameworks (e.g. SOX, SOC 2, ISO, NIST, COSO, COBIT, etc.);
  • Experience with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, COSO, COBIT, NIST, and/or ISO 27001;
  • Experience working directly with internal or external auditors for at least one of the listed standards;
  • Experience with a variety of reporting operations and procedures;
  • Experience planning, coordinating, and executing complex IT security and compliance assignments; design and applies tools, techniques, and procedures to maintain highest standards of IT Security and Compliance;
  • Active certifications in one of the related areas of security and compliance such as CISA, CISM, CISSP, CRISC, GIAC, ISC, CEH, IAM, GSLC.

Responsibilities:

  •  Coordinate and execute remediation efforts arising from compliance deficiencies (Policies, SOX, PII, EUGDPR, CCPA, PCI, HIPPA, Pen tests, etc.) Effectively plan and manage information protection initiatives and projects to ensure that objectives, schedules, and budgets are met;
  • Review security and controls to address areas such as applications, databases, infrastructure, security administration, user identification and authentication, access to data, monitoring and reporting. Implement and enforce control framework related to CCL’s regulatory and compliance standards (PCI, SOX, EUGDPR, CCPA, PII, HIPPA, etc.);
  • Review and update CCL information security policies and procedures. Update compliance guidelines and standards for CCL applications, databases, infrastructure, networking systems and computing platforms;
  • Evaluate security and control aspects of technologies including internally developed applications and defines security requirements to ensure compliance guidelines are met and maintained;
  • Perform periodic compliance assessments of information applications and technology, analyze results, and develop action plans to mitigate risks. Manage the exception process for risks that cannot be remediated in stipulated timelines;
  • Provide consultative services and awareness to business units regarding risks, standards of due care and appropriate information security safeguards;
  • Perform other information system department functions as assigned by the Security and Compliance Manager.

Apply for this position

Allowed Type(s): .pdf, .doc, .docx