IS Compliance Risk Analyst #3027~ Costco Wholesale
Issaquah, WA

Job Description

Position Summary

The IS Compliance Risk Analyst supports Costco's strategy to maintain the compliance posture required by laws and industry regulations. This role is responsible for the understanding, analysis, communication, implementation and mitigation of controls that meet or exceed domestic and international mandates and regulatory requirements.

Job Duties/Essential Functions

* Participates in and influence information risk assessment process improvement
* Schedules and performs information risk assessments using internal and industry methodology; identifies, documents and communicates control deficiencies in business processes and technology systems
* Works with the business and technology to agree cybersecurity risk findings identified through the risk assessment process.
* Provides risk remediation recommendations that the business and technology may implement to mitigate identified control gaps.
* Partners with business and IT to ensure that risks are clearly articulated in a manner that is understood by business and technology audiences.
* Evaluates management responses to ensure that remediation plans and tasks adequately address identified control gaps.
* Documents risk issues in the internal designated risk register
* Assists the business and technology groups through the internal process for policy exceptions and risk acceptance.
* Regular and reliable workplace attendance at your assigned location.

This individual will be required to 'do what it takes' to anticipate regulatory impacts, promote company awareness, meet compliance deadlines, propose solutions to deficiencies, and communicate effectively at all levels.

Non-Essential Functions

* Assists in other areas of the department as necessary.
* Assists in other areas of the company as necessary.

Ability to operate vehicles, equipment or machinery

Computer, phone, printer, copier, fax

Experience, skills, education & licenses/certifications

Required:

* Demonstrated understanding of cyber security risk management concepts, cybersecurity frameworks, control standards, secure coding principles, and security technologies.
* Knowledge of emerging technology and the security governance implications.
* Knowledge of information security fundamentals, best practices and industry standards with prior responsibilities of protecting information assets.
* Experience with ISO 27001-2, NIST 800-53, ISO 27018 , HITRUST or other frameworks.
* Effective interpersonal skills and the ability to thrive in a team environment.

Recommended:

* PCI or HIPAA/HITECH or SOX Compliance experience.
* Highly organized to manage multiple sets of Control Owners and Control Performers, and effective in leveraging existing operations on upcoming initiatives.
* Excellent written and oral communication skills, as well as strong interpersonal and communication skills.
* Ability to interpret data and processes to identify potential compliance issues, risks and vulnerabilities.
* Ability to propose creative solutions to successfully remediate identified compliance issues.
* Ability to quickly understand security systems in order to identify and validate security requirements.
* Familiarity with privacy laws, data protection/security regulations, and frameworks, such as ISO27001, PCI, HIPAA/HITECH, SOX, PIPEDA.
* Information Security, Audit or GRC-based Certifications such as CISSP, CISA, CISM.
* Successful internal candidates will have spent one year or more on their current team.

Other Conditions

* Management will review the Job Analysis for this position prior to a job offer.

To Apply: Use the link below to upload all required documents to

https://chm.tbe.taleo.net/chm02/ats/careers/requisition.jsp?org=COSTCO&cws=1&rid=3027

Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.