This individual will guide and promote all aspects of the analysis, communication, implementation and risk mitigation of internal controls relative to the mandates and regulatory requirements to which Costco is subject, domestically and internationally. They will work with other business and legal departments to define and set new corporate guidance in response to emerging standards and legislation. This individual will be required to anticipate regulatory impacts, promote company awareness, meet compliance deadlines, propose solutions to deficiencies, reach out in support of the business/operations, and communicate effectively at all levels. This includes: directing communication of policies, procedures and testing to maintain adherence to applicable standards and regulations; providing direction and guidance to I.S. and associated business areas for the resolution of identified weaknesses or deficiencies; engaging in compliance activities and establishing/meeting deadlines to ensure that due diligence in adherence to rules and regulations can always be substantiated; coordinating these efforts across regional and international Costco operations; engaging with vendors to ensure compliance per vendor risk.
* Maintains a strong understanding of current and upcoming regulatory requirements and their impact on compliance such as GDPR, CCPA, PCI, and HIPAA. * Conducts third-party risk assessment and generate findings and recommendations. * Collaborates with stakeholders to conduct vendor Privacy/PCI/HIPAA risk assessments. * Develops, manages, and executes plans to communicate findings to necessary stakeholders and vendors. * Collaborates with the business and vendor to develop and implement controls to mitigate all known deficiencies, and minimize risks. * Works closely with I.S. Management, business, Legal and internal/external auditors to ensure successful follow-through and completion of compliance and mitigation activities. * Drives assigned tasks leveraging I.S. expertise or outside resources where needed. * Coordinates between external auditors and staff being audited if required. * Creates, updates, and maintains third-party risk management policies and standards. * Collaborates with business owners to rate vendors using the defined Vendor Risk Management methodology. * Regular and reliable workplace attendance at your assigned location.
* Assists in other areas of the department as necessary. * Assists in other departments of the company as necessary.
Ability to operate vehicles, equipment or machinery
* A Bachelor's degree in Computer Science or a minimum of 6 years of information systems security experience. * One or more professional security certifications such as ISA, HCISPP, CIPT, CIPP, CISSP or readiness to sit the examination. * Ability to interpret information security data and processes to identify potential compliance issues (SOX, HIPAA, PCI, GDPR). * Working knowledge of information systems security risk frameworks, standards, and practices. * Ability to quickly understand security systems in order to identify and validate risk exposure. * Strong familiarity with applicable privacy laws and regulations. * Thorough understanding of privacy laws, regulations, self-regulatory regimes, and industry best practices, including current and future trends. * Ability to clearly communicate effectively with all levels of staff including executives, auditors, end users, and engineers. * Ability to work effectively, independent of assistance or supervision. * Innovative, creative, and extremely responsive, with a strong sense of urgency. * Demonstrated mentoring skills (knowledge sharing and assist others in understanding technical and business topics).
* Successful internal candidates will have spent one year or more on their current team.
* Management will review the Job Analysis for this position prior to a job offer.
To Apply: Use the link below to upload all required documents to
Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.