The Internal Compliance Sr. Analyst is responsible for ensuring completion of Internal Compliance services provided by this department. In addition to contributing to the Internal Compliance services, the individual may be assigned specific projects as needed to ensure success of the Internal Compliance program. The individual will also provide guidance to other individuals who are responsible for supporting the BU compliance initiatives. The duties are hands-on in nature and require knowledge of operating systems, applications, databases and hospitality and vacation ownership related activities. The incumbent shall have a solid working familiarity with PCI, HIPAA, GDPR and the ISO 27000 series. The individual must be able to work as part of a team as well as perform all activities on their own with minimal supervision.
Essential Job Functions and Responsibilities:
- Assessment services: PCI Compliance, Regulatory
- Risk management, risk assessment services, and risk acknowledgments
- Policy governance: policies, standards, guidelines
- Internal Compliance reviews, Solution reviews, vendor risk
- Support services: policy violation support, vulnerability support, legal support, security awareness, eGRC support, advisory services
Non-Essential Job Functions and Responsibilities:
- Responsible for accurately tracking and managing their time utilization and work schedule
- Responsible for setting up and coordinating meetings as appropriate to complete all initiatives assigned
- Responsible for weekly status reporting on all activities assigned
Scope/Financial Responsibility:
The individual's role is key in supporting the organization's information security Internal Compliance program. These activities will drive recommendations on spending for remediation of higher risk areas. This is a cross-business unit function and will provide input for recommendations across the entire company. There are a number of key risk indicators that are addressed by this individual's ongoing assessment and remediation tracking activities. The role will directly support the continued maturity of the information security Internal Compliance program.
- This job currently requires up to 30% travel, domestically and internationally, as required to fulfill the roles and responsibilities of the position. This will primarily be domestic travel and will require airline travel. An additional 5% may be allocated to travel for training and seminars.
- Establish trust with various departments within the company to ensure timely two-way communication channels
- Understanding of compliance and risk assessment processes and the ability to apply the concepts to the hospitality industry
- Ability to take direction and reprioritize as necessary to achieve all department objectives
- Plan for delivery dates and deliver on those to support the shared service model
- Self-motivated, with the ability to organize their time accordingly
- Ability to provide leadership as required to ensure delivery of service
- Perform a detailed IS Analytical role and create innovative solutions for accomplishing the risk assessment for the various initiatives assigned
- Ability to create and present status and recommendations to Senior Management in both Information Security and business impact terminology
- Good organizational skills, as the data collection and archiving process, along with working paper development, are key deliverables of this role
Minimum Requirements and Qualifications:
- At minimum a college degree from an accredited college with a concentration in either Computer Science or Information Systems Analysis and Design
- Any courses related to controls and support of hospitality industry systems are a plus
- One or more of the following certifications: CRISC, CISSP, CISA, CPA, IS, A/PCIP, CISM
- Other certifications related to Audit, Compliance, Risk Assessment, Information Security and Program Management may be accepted depending on areas of experience
- The candidate should be able to communicate in a concise manner both orally and in writing.
- Ability to present in front of an audience is a must-have skill.
- Ability to multi-task and handle multiple concurrent projects through to successful completion
- Ability to re-adjust priorities based on management's request to handle special unplanned activities
- Experience in maintaining or assessing operating system, database, application and hospitality processes and procedures as they relate to information security
- System analysis and development process assessment experience for business systems
- At minimum 6 – 8 years of experience performing IS risk and/or compliance assessments
- Unless there is a legal requirement, experience will be accepted for the education requirement.
- The candidate will be empowered to present opinions on Internal Compliance as it relates to assigned projects.
- Minimal supervision on a day-to-day basis
- Decisions will be required to be reviewed by their direct management, prior to being presented to the shared services customers.
- May have direct or indirect reports associated with the role while performing team-based assessments
- This role will report up to the Manager of BU compliance with an indirect reporting responsibility to the Director and/or Sr. Director of Internal Compliance.
- Knowledge and experience with PCI requirements/testing procedures
- Knowledge and experience of third-party governance
- Knowledge and experience performing IT solution/architectural reviews of applications prior to moving into production