Job Description
ATPCO is seeking a highly skilled and detail-oriented Audit and Compliance Specialist to ensure ongoing compliance with Legal and Regulatory Frameworks such as PCI-DSS, ISO 27001, and ISO 27701 standards, General Data Protection Regulation (GDPR), Data Privacy Framework (DPF), Internal Compliance Audits, and other Legal and Regulatory frameworks. The ideal candidate will have a strong background in audit preparation, working closely with auditors, collaborating with various teams to remediate audit findings, and supporting Third-Party Risk Management activities
Key Responsibilities:
- Ensuring Ongoing Compliance:
- Continuously monitor and stay updated with changes in PCI-DSS, ISO 27001, and ISO 27701 standards.
- Ensure all policies, procedures, and practices comply with regulatory and organizational requirements.
- Conduct regular internal audits and risk assessments to identify areas of non-compliance.
- Develop and implement corrective action plans to address any identified gaps.
- Audit Preparation:
- Maintain comprehensive and accurate documentation of all compliance-related activities, policies, and procedures.
- Ensure all records are readily available for audit purposes.
- Coordinate with various departments to gather necessary documentation and evidence for audits.
- Conduct pre-audit reviews to ensure readiness and compliance.
- Audit Support:
- Serve as the primary point of contact for external auditors.
- Facilitate communication between auditors and internal teams.
- Provide auditors with required documentation, explanations, and evidence.
- Address any questions or concerns raised by auditors promptly and accurately.
- Review audit findings and collaborate with relevant teams to develop and implement remediation plans.
- Track and document the progress of remediation efforts resulting from audit findings to ensure timely resolution.
- Identify opportunities for process improvements to enhance compliance and reduce the risk of future findings.
- Implement best practices and lessons learned from previous audits.
- Third-Party Risk Management and ATPCO Security Assessments:
- Conduct risk assessments and due diligence on third-party vendors to ensure they meet ATPCO's security and compliance standards.
- Maintain a database of third-party risk assessments and ensure regular updates and reviews.
- Collaborate with the procurement and legal teams to ensure that all third-party contracts include necessary compliance and security requirements.
- Monitor third-party compliance with agreed-upon security and compliance standards.
- Facilitate RFP processes and address customer security self-assessment questionnaires regarding ATPCO’s information security controls.
- Document and report on third-party incidents and their impact on ATPCO’s compliance posture.
- Training and Awareness:
- Develop and deliver training programs to ensure staff are aware of compliance requirements and best practices.
- Promote a culture of compliance within the organization through ongoing awareness training campaign.
Qualifications:
- Bachelor’s degree in Information Security, Compliance, or a related field.
- Professional certifications such as CISA, CISM, CISSP, or equivalent are highly desirable.
- Extensive knowledge of PCI-DSS, ISO 27001, and ISO 27701 standards.
- Proven experience in audit preparation, conducting internal audits, working with external auditors, and third-party risk management.
- Strong analytical, problem-solving, and communication skills.
- Ability to work collaboratively with cross-functional teams.
- Detail-oriented with a high level of integrity and accountability.
Benefits:
- Competitive salary and benefits package.
- Opportunities for professional growth and development.
- Collaborative and dynamic work environment.
- Promote a culture of compliance and ethical behavior within the organization through ongoing awareness campaigns.
Salary Range: USD $119,000 to $125,000
The disclosed range estimate has not been adjusted for applicable geographic differential associated with the location