Books A Million Holding Company

IT Compliance Analyst

Books A Million Holding Company, Birmingham, Alabama, United States, 35275


Job Description: The Compliance Analyst is responsible for ensuring the company adheres to industry and legal standards and to in-house policies related to compliance and security matters. In addition, the analyst implements the policies, procedures, and programs that protect the organization's data, software, and systems from unauthorized modification, destruction, and disclosure, and ensures operational compliance.

Roles and Responsibilities
• Apply in-depth knowledge of PCI and IT compliance standards to implement and uphold security best practices that ensure regulatory compliance and safeguard organizational systems and data
• Oversee all aspects of the PCI-DSS audit lifecycle, including scoping, evidence collection, gap remediation, and assessor engagement
• Serve as the primary liaison for PCI-DSS assessments, working closely with auditors, internal stakeholders, and third-party service providers
• Collaborate with cross-functional teams to design and implement security solutions that meet both business and regulatory requirements
• Review and refine IT security controls to identify areas for improvement and implement enhancements to strengthen security posture and ensure regulatory compliance
• Monitor IT security systems and applications to proactively prevent security gaps and address deficiencies as needed
• Maintain relevant technical documentation and process flow diagrams
• Maintain and improve security awareness testing and training for employees
• Maintain and improve vulnerability management and incident response procedures
• Conduct periodic risk assessments, business continuity testing, and security testing
• Conduct periodic reviews of firewalls and other information security measures
• Stay current with emerging security trends, threats, and technologies, and recommend enhancements to improve the organization's security posture

Qualifications and Education Requirements
• Bachelor's degree from a four-year college or university with coursework in information systems, or equivalent experience
• Minimum of 3 years of experience in Information Security Compliance

Preferred Skills
• Experience with policy and control implementation to meet industry standards and regulatory requirements
• Proven ability to perform the necessary functions to establish and maintain PCI compliance
• Familiarity with e-discovery, breach notification, and privacy regulation
• Familiarity with IT security standards such as NIST CSF and CIS Top 20
• Strong technical background in computer networks, application architecture, and technical security controls preferred
• Familiarity with security scanning, firewalls, SIEM, EDR, identity management, and vulnerability management
• Professional certifications such as CISSP, CISM, CISA, or similar are a plus

Physical and Environmental Requirements

Must be able to sit at a computer or desk for extended periods of time. Must be able to use hands/arms to operate keyboard, telephone and for repetitive motion activities. Must be able to lift objects up to 25 lbs. with or without assistance. Must be able to communicate using speech, sight, and sound with or without assistive device. Must be able to stand, walk, stoop or crouch while performing daily activities of the job.