The Compliance Analyst works with management, product/program leads, the corporate compliance team, risk management, internal audit, quality assurance, human resources, legal and privacy to ensure compliance with security and privacy regulations and state and federal laws protecting customer confidentiality and privacy. The individual provides knowledge and best practice information to compliance committees, working groups, and other structures charged with oversight of the Information Security compliance program.
* Maintain an in-depth understanding of the broad regulatory landscape impacting business and IT areas. Remain current with emerging regulatory sentiments as well as solution trends in the marketplace. Understand the impact of laws and regulations on company systems and technology.
* Work closely with the IT department on corporate technology development to secure information, computer, network, and processing systems.
* Recommend and implement changes in security policies, standards and/or procedures as needed.
* Collaborate with the appropriate stakeholders to establish and maintain a system for assessing compliance with security and privacy policies.
* Translate complex regulations or industry standards into clear, easily understood information security compliance and control requirements.
* Map control requirements across information security frameworks to identify overlapping requirements and compliance efficiencies.
* Assist in audit reviews and information security risk assessments as needed.
* Support other information security and risk management related activities as needed.
* Automate manual tasks around Security Assurance and Audits.
* Perform information security compliance assessments of technology infrastructure and operational processes and controls.
* Monitor entity operations and systems for information security compliance. Report to management on the status of information security compliance.
* Review the security features of existing and new computer systems to ensure that they meet security requirements.
* Provide information on security policies and practices for employees and others with access to customer information. Prepare, publish and communicate information on good security practices for employees and others. Ensure that training conforms to existing policies and procedures.
* Bachelor's degree in Computer Science, Information Systems or equivalent field required.
* Five (5) or more years of experience in Information Technology.
* Three (3) years of relevant experience with information security, control standards, and frameworks such as PCI DSS, ISO 27001 and/or NIST 800-53.
* Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC) strongly preferred. Other certifications such as Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) desired.
* Knowledge of Financial Service industry regulations, compliance, operations or auditing is highly desired.
* Ability to present compliance issues and recommendations in a manner that will be understood and accepted by all responsible parties.
* Experience with using RSA Archer eGRC to perform compliance and risk assessments is highly desired.
* Strong analytical skills and the ability to adapt to constantly changing requirements.
* Resourceful with strong creative problem-solving skills.
* Strong verbal and written communication skills and the ability to interact professionally with diverse groups of managers, supervisors, and subject matter experts.
* Able to function independently and under pressure, and to perform multiple functions and duties with minimal supervision or guidance.
About Green Dot
Green Dot is a company providing prepaid debit cards and cash reload processing services.