IT Compliance Analyst
Denver, CO

Job Description

COMPANY OVERVIEW

Alterra Mountain Company is a community of iconic year-round destinations, including the world's largest heli-ski operation. The company owns and operates a range of recreation, hospitality, real-estate development, food and beverage and retail businesses. Headquartered in Denver, Colorado with destinations across the continent, we are rooted in the spirit of the mountains and united by a passion for outdoor adventure. Alterra Mountain Company's family of diverse playgrounds spans five U.S. states and three Canadian provinces: Steamboat and Winter Park Resort in Colorado; Squaw Valley Alpine Meadows, Mammoth Mountain, June Mountain and Big Bear Mountain Resort in California; Stratton in Vermont; Snowshoe in West Virginia; Tremblant in Quebec, Blue Mountain in Ontario; Deer Valley and Solitude in Utah; Crystal Mountain in Washington; and CMH Heli-Skiing & Summer Adventures in British Columbia. We honor each destination's unique character and authenticity and celebrate the legendary adventures and enduring memories they bring to everyone.

POSITION SUMMARY

The purpose of the IT Compliance Analyst is to protect assets by ensuring compliance with internal and external control procedures and regulations and assist on cybersecurity initiatives. The successful candidate will partner and communicate with enterprise and resort IT personnel to ensure the continuous enforcement and improvement of Alterra Mountain Company's security posture. This position will also assist with PCI compliance reviews and annual assessments that will include evaluation, remediation recommendations, and implementation.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.

ESSENTIAL DUTIES

General Responsibilities:

* Project management responsibilities including meeting deadlines, prioritizing multiple tasks, manage priorities, preparing timely status reports
* Prepares security and compliance reports by collecting, analyzing, and summarizing operating information and trends
* Collaborate with Managed Security Service Provider "MSSP" or SOC as service model
* Performs vulnerability assessments/scans and auditing of critical IT components
* Prepare PCI Security Assessment Questionnaires (SAQs)
* Maintains internal control systems by updating security and compliance programs and questionnaires
* Prepare documentation including policy development, standard operating procedures, and process flows.
* Appraises adequacy of internal control systems through data gathering
* Contributes to team effort by accomplishing related results as needed
* This job description is an overview of the scope of responsibilities and is not intended to be an inclusive list of job tasks and expectations. With the evolution of this company and position, the responsibilities of this position may change.

Travel Required

☒ Yes

☐No

Travel details:

Travel to Resorts and/or technology partners as needed. Travel estimated at 5%

COMPETENCIES & JOB REQUIREMENTS

Required:

* Regulatory experience such as PCI, Data Privacy, SOX, ISO, SSAE16
* Excellent documentation skills
* Demonstrated thoroughness and attention to detail
* Demonstrated continuous improvement analysis and implementation
* Objectivity and professional protocol

Preferred:

* Presentation and/or training experience
* Advanced Microsoft Excel skills, a plus
* Strong analytical ability
* Risk assessment experience
* Effective change management experience
* Risk, compliance management and governance experience

EDUCATION & EXPERIENCE

Required:

* BA/BS IT, Finance/Accounting, or business/law related field

WORK EXPERIENCE

Required:

* 1-3 years in IT, IT Security and Compliance or Audit experience

LICENSES & CERTIFICATIONS

Preferred:

* Certification not required, although actively pursuing relevant certification preferred (e.g. CISA, CISSP, CRISC or other certification).

PHYSICAL REQUIREMENTS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

WORKING CONDITIONS

Indoor/Outdoor: While performing the duties of this job, the employee may be exposed to outside weather conditions.

Hazardous Materials/Noise: The noise level in the work place is usually moderate.

Employment with Alterra Mountain Company "at will" for no definite period of time. The employee may terminate employment at any time without notice or cause, and so too can Alterra Mountain Company terminate employment relationship at any time without notice or cause.

Alterra Mountain Company Is an equal opportunity employer and a drug-free workplace. All employees and candidates are reminded that Alterra Mountain Company adheres to the U.S. and Canadian labour and employment laws, and where applicable, to any State or Provincial-specific employment regulations.