Senior IT Compliance Analyst

at  Richard Fleischman Associates Inc

Under the supervision of the Director of Information Security Services, the IT Compliance Analyst will assist with RFA’s IT security/compliance processes in order to support management in achieving the strategic objectives of the Company.
Our ideal candidate will be a detail & execution-oriented individual who thrives in a fast-paced environment, which is continuously evolving. They will have 5-7+ years’ knowledge and experience in understanding regulations associated with IT security audits, regulatory frameworks and compliance procedures.
As the IT Compliance Analyst will work across departmental lines, interfacing with various Company Staff, including C-Level professionals, Management, and Vendors and Clients, striving to fully understand of RFA’s internal practices, products and services in order to tackle a diverse workload and provide thoughtful recommendations when appropriate.

QUALIFICATIONS

• 5-7+ years’ knowledge and experience understanding IT security (ISO and NIST Frameworks), SOC and ISO audit examinations, and compliance regulations with a focus on CSSF and relevant regulatory frameworks (DORA, GDPR, EBA, FCA).
• Bachelors of Science in Information Security or equivalent from an accredited university.
• Strong analytical and decision making skills.
• Proven experience leading and conducting complex risk assessments and gap analyses.
• Strong analytical and problem-solving skills to identify and recommend solutions for regulatory compliance issues.
• Strong technical writing skills.
• Excellent verbal, written, and diplomacy skills.
• Effectively influences and guides others across various organizational structures using strong interpersonal skills.
• Able to communicate and collaborate with multidisciplinary teams.
• Able to effectively prioritize and execute tasks in a high-pressure environment is crucial.
• Able to decipher and apply knowledge of regulatory/accreditation requirements.
• Able to prioritize and work on multiple projects under time constraints.
• Able to adapt to shifting priorities, demands, and timelines through analytical and problem-solving capabilities.
• Able to work independently as well as in a team environment including multi-level staff and external partners.
• Strong orientation toward high standards for customer service.
• The individual will be expected to work with minimal up-front guidance and take ownership of their work product.

• Lead and conduct client risk assessment and gap analysis engagements against relevant regulatory frameworks and guidelines (CSSF, DORA, GDPR, EBA, FCA)
• Client technology and risk assessment audit coordination and assistance, including control evidence gathering and presentation to clients and auditors.
• Assist with client regulatory reporting and consulting, leveraging expertise in CSSF compliance. Prepare reports and presentations for internal and external stakeholders.
• Prepare client due diligence questionnaire responses; liaise with client and vendor contacts on due diligence queries.
• Develop, implement, and maintain internal IT compliance controls aligned with regulatory frameworks. Review existing controls for regulatory updates, perform gap analyses, and create/maintain internal and external audit/compliance schedules for Information Technology Services (ITS).
• Research, assist with the development and implementation of information security, BCP programs and policies including (Business Impact Analysis, Risk Assessment, GAP Analysis, Statement of Work (SOW), Plans, Strategies, etc.) that are appropriate for the company’s risk profile.
• Maintain quality service by establishing and enforcing organization standards.
• Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
• Assist with conducting risk assessments on business and operational processes, procedures, and policies; interprets audit results and makes conclusions on the adequacy and reliability of controls; prepares and presents reports as necessary.
• Assist in the design and enhancement of internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity; assists internal audit team and serves as a liaison with external auditors to facilitate auditing process.
• Assist in the design of audit/compliance programs to ensure ongoing evaluation and validation of ITS control effectiveness; performs other duties as assigned.