
Senior IT Compliance Analyst
Dallas, TX


About

Job Description

COMPANY OVERVIEW

For over a century, Neiman Marcus Group has served the unique needs of our discerning customers by staying true to the principles of our founders: to be the premier omni-channel retailer of luxury and fashion merchandise dedicated to providing superior service and a distinctive shopping experience in our stores and on our websites. Neiman Marcus Group is comprised of the Specialty Retail Stores division, which includes Neiman Marcus and Bergdorf Goodman, and our international brand, mytheresa.com. Our portfolio of brands offers the finest luxury and fashion apparel, accessories, jewelry, beauty, and home décor. The Company operates more than 40 Neiman Marcus full-line stores in the most affluent markets across the United States, including U.S. gateway cities that draw an international clientele. In addition, we operate 2 Bergdorf Goodman stores in landmark locations on Fifth Avenue in New York City. We also operate more than 40 Last Call by Neiman Marcus off-price stores that cater to a value-oriented, yet fashion-minded customer. Our upscale eCommerce and direct-to-consumer division includes NeimanMarcus.com, BergdorfGoodman.com, Horchow.com, LastCall.com, and CUSP.com. Every day each of our 15,000 NMG associates works towards the goal of enabling our customer to shop any of our brands "anytime, anywhere, and on any device." Whether the merchandise we sell, the customer service we offer, or our investments in technology, everything we do is to enhance the customer experience across all channels and brands.

DESCRIPTION

Neiman Marcus Group (NMG) is looking for a dynamic, motivated, creative self-starter with excellent interpersonal skills to be part of the Neiman Marcus risk and compliance team.

The Senior IT Compliance Analyst will be responsible for ensuring compliance with regulatory and industry mandates such as PCI-DSS, SOX, and GDPR as they pertain to the information technology components of the company. The role covers the day-to-day work of scoping, identifying key controls, implementing controls, conducting the quarterly and annual review exercises, documenting the artifacts and the evidence, and partnering with auditors and IT and business owners to complete the assessments.

DUTIES AND RESPONSIBILITIES

* Lead and facilitate compliance with the PCI Data Security Standard (PCI-DSS)
* Ensure that all controls of the PCI-DSS are implemented, documented, and monitored through the course of the year
* Establish processes to support the controls and ensure that control self-assessments are conducted in a timely manner, ensuring completeness and accuracy
* Support the Risk & Compliance team to implement processes and controls to ensure the company's compliance with other regulatory and industry mandates such as SOX, GDPR, and CCPA
* Participate in identifying and validating key controls to address IT and business risks and work with various teams to address identified deficiencies
* Participate in audits of third parties such as vendors, service providers, consulting organizations, etc.
* Support third party audits of NMG's IT or information security programs
* Facilitate assessment and audits by internal and external auditors and assessors
* Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to support the various security, compliance and audit requirements
* Provide guidance and support to IT and business to ensure continued compliance with the various mandates
* Endorse and support a compliance culture whereby employees are encouraged to seek clarifications and support for the company's compliance initiatives

INTERNAL/EXTERNAL RELATIONSHIPS:

INTERNAL:

* Interact daily with the Neiman Marcus Information Technology teams, the Managed Infrastructure Services provider (onshore and offshore), the IT Vendor Management Organization, IT Project Management Office, and various contracted IT resources. Meet frequently with various business units to assess and evaluate information security and compliance services.
* Must be able to build relationships with technology and business teams across the company. An outgoing personality is a MUST for this position.

EXTERNAL:

* Interact routinely with assessors, auditors, service providers, consultants/advisors, law enforcement agencies and professional organizations.

COMPETENCIES:

* Thorough knowledge of PCI related standards including PCI-DSS, PA-DSS, ASV guidelines and other support documents
* Experience in implementing and utilizing compliance frameworks such as COSO, COBIT, NIST, and ISO 27001
* Thorough understanding of SOX, GDPR, and the California Consumer Privacy Act (CCPA)
* Familiarity with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption and key management, logging and monitoring and application security
* Familiarity with cloud-based environments and technologies with associated auditing methodologies
* Excellent documentation and communication skills

QUALIFICATIONS

* Bachelor's or Master's degree in a computer or information management field
* Cybersecurity certifications such as CISSP, CISA, CRISC, or CISM are preferred
* 5-7 years' experience in an information security compliance, audit or risk management role with hands-on experience in a multitude of compliance initiatives including but not limited to:
  * PCI-DSS
  * SOX-404
  * COSO, CoBIT, ISO2700
  * NIST (CSF & RMF)
  * HIPAA
  * EU-GDPR, CCPA
  * SSAE-16 [SOC-1 and SOC-2]
* Experience with developing and implementing automation for controls and compliance is preferred
* Strong analytical and problem-solving skills with the ability to function as a change agent
* Strong skills with intermediate to advanced level expertise with Excel and PowerPoint
* Demonstrated experience in working in a high-paced, multi-tasking environment
* Understanding of security metrics and creation of effective dashboards for management review and consumption
