Senior Compliance Analyst

Magic Leap

Plantation, FL

Industry: Retail & Consumer Goods


5 - 7 years

Posted 50 days ago

Job Description:

The Senior Compliance Analyst position is a key contributor in the function responsible for overseeing the organization's cybersecurity and privacy control and governance frameworks, practices, and programs. This position is responsible for evaluating risk by leading various security risk assessments of new and existing IT systems, third parties, new businesses that are developed or acquired, and audits against various security control frameworks/standards. This position will drive actionable results from those risk assessments and be responsible for reviewing, recommending and implementing security tools as appropriate to drive improvements in the organization's cybersecurity risk posture.

Responsibilities:

  • Establishes a strategic security architecture vision, including standards and frameworks that are aligned with the overall business and IT strategies
  • Acts as information security subject matter expert; provides advisory and consulting services to business, IT departments and IS management
  • Works closely with Enterprise Architecture and Application Development to enhance the security posture of new and existing systems
  • Works to design security architecture, evaluate the risk posed to the organization from, and ultimately approve, the implementation of systems and applications into the environment
  • Continuously assesses the state of the information security program using the NIST Cybersecurity Framework and the FFIEC Cyber Assessment Tool to identify gaps, and works with appropriate stakeholders to remediate deficiencies
  • Participates in the development of information security strategies, roadmaps, policies and standards
  • Ensures systems and applications are implemented with compensating controls to meet regulatory requirements (GLBA, SOX, HIPAA, FFIEC, etc.) as well as other organizational compliance (PCI) requirements
  • Tracks metrics for compliance to IS standards by application and system owners
  • Develops and mentors IS team members
  • Other duties may be assigned

Qualifications:

Knowledge, Skills, and Abilities Required:

This position will routinely collaborate with the technical and security team at Magic Leap to assess risk and ensure alignment on security policies and standards. This position is expected to be a subject matter expert in the area of assessing risk, identifying emerging cybersecurity threats and applying different cybersecurity control frameworks and standards throughout the organization, particularly related to National Institute of Standards & Technology (NIST), CIS Critical Security Controls, and Payment Card Industry Data Security Standards (PCI DSS).

  • Bachelor's degree (or higher) –OR– 4+ years of professional work experience.
  • 4+ years of IT-related work experience.
  • 3+ years of IT security or audit related work experience.
  • Experience auditing or working with security control frameworks such as NIST CSF, NIST 800-53 and CIS Critical Security Controls.
  • Experience auditing or working with various privacy regulations or compliance requirements such as PCI DSS, CPNI, GDPR, HIPAA, and Federal/State Privacy laws a plus.
  • Excellent written, presentation, and verbal communication skills.
  • Proven experience with writing detailed risk assessments/reports is preferred. Experience with audit committee or board reporting a plus.
  • Strong organization skills to effectively manage, lead and prioritize multiple projects/tasks simultaneously to quality and timely completion in a fast-paced and changing environment.
  • Experience with security/privacy policy development a plus.
  • Experience with third party risk assessments a plus.
  • Results driven with a passion to influence change and a strong attention to detail.
  • Effective and creative problem-solving skills.
  • Perform tasks outside normally scheduled business hours as needed to complete project work and/or implement scheduled changes as needed.
  • Human relations skills to interface with employees at all levels within the organization to manage risk in concert with the business needs that drive the company forward.
  • Professional, courteous, and collaborative attitude towards internal and external customers, third party business partners/suppliers, and other employees, particularly in collaborating with technical IT professionals to accomplish project objectives.

Education:

  • Bachelor's degree (or higher) –OR– 4+ years of professional work experience.

Additional Information:

  • All your information will be kept confidential according to Equal Employment Opportunities guidelines.