
IT Risk and Compliance Analyst in Evanston, IL at Solution Partners

Date Posted: 11/10/2017

Job Description

Job Title: IT Risk and Compliance Analyst

One of the top international nonprofits is seeking an IT Risk and Compliance Analyst who will be primarily responsible for the day-to-day execution of, and act as the single point of contact for, IT compliance activities, including monitoring and improvement efforts. The analyst will join a cross-functional team of diverse staff at the client world headquarters, working with IT staff, internal risk management, and external auditors to ensure compliance with industry standards.

PROFILE FOR SUCCESS
A positive outcome for this position is achieving and maintaining compliance with industry privacy and security standards, and creating and managing the supporting knowledge artifacts.

RELEVANCE TO MISSION
This position exists to identify and resolve risks to securing private information collected during the process of taking in funds and communicating with the Rotarian community. Achieving and maintaining compliance allows the Organization to continue to securely collect funds and protect Rotarians' private information.

EFFICACY AND AUTONOMY
The candidate in this position must work independently, setting goals and deadlines to achieve and maintain compliance and to deliver and manage supporting knowledge artifacts. They must also work in consultation with a variety of other stakeholders, including IT staff, internal risk management, and external auditors.

REPORTING STRUCTURE
This position reports to the Director of Information Technology and the Chief Information Officer.

REQUIRED COMPETENCIES
•Communication (written and verbal)
•Decision Making
•Interpersonal Effectiveness
•Productivity
•Self-Management
•Service Orientation
•Professional Development

KNOWLEDGE, SKILLS, ATTITUDES, AND EXPERIENCE
Bachelor's degree or equivalent work experience (8 years work experience)

Four or more years of progressive related work experience

CISA (Certified Information Systems Auditor), or other relevant certification, optional, but preferred

A basic understanding of one or more of the following: Information Security, IT Risk Management, IT Governance and Compliance, and IT Audit

Experience documenting/creating knowledge artifacts such as policies, standards, processes and procedures

Clear understanding of IT and application controls as well as related PCI requirements

Ability to work well under pressure

Ability to work independently and perform multiple concurrent and diversified tasks effectively

Strong interpersonal, written and oral communication skills

Excellent written and verbal communication skills

Excellent time management and organizational skills

Strong team player, self-motivated and detail-oriented individual

Strong problem-solving skills

Proficiency with Microsoft Office Suite

SPECIFIC TASKS AND DUTIES
•Drive the creation and maintenance of the IT Risk and Compliance framework that protects Rotary assets with minimal intrusion to delivery and operational practices.
•Remain current and provide subject matter expertise for applicable industry standards, including PCI.
•Act as the single point of contact for PCI audit activities and interfacing with third party auditors.
•Manage all risk and compliance remediation and improvement initiatives.
•Ensure appropriate controls are identified, documented and have assigned owners.
•Ensure controls are proactively tested and evidence is captured for audit purposes.
•Create reusable templates for all compliance related documentation.
•Document all relevant policies, standards, processes, procedures and diagrams under the instruction of the policy owner or subject matter expert.
•Manage knowledge management platform and system.
•Centralize knowledge artifacts and ensure availability to all appropriate personnel.
•Lead organizational awareness of compliance, risk, security and privacy concepts and best practices.
•Interface with internal audit to maintain alignment with internal practices.