Redtech is helping our client with a Direct Hire search for a Compliance Analyst - Service Continuity.
Title - Compliance Analyst - Service Continuity
Location: Issaquah (Seattle), WA - Selected candidate must live within 50 miles of their selected work location and cannot rotate between locations. (Relocation assistance is available for eligible new hires located over 50 miles from the Hub location of hire who move to within 50 miles of the hub location.)
Schedule - Hybrid - Onsite 3 days/week
Background check & Drug Test - requires successful completion.
Compensation - Target starting salary anticipated to be between $110,000 - $185,000/year DOE
Level 3: $110,000 - $150,000
Level 4: $140,000 - $185,000
Benefits offering - based on eligibility:
CLIENT offers a comprehensive package of benefits including paid time off, health benefits — medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, commuter benefits, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan, financial wellness program, to eligible employees.
Compliance Analysts support the overarching values and business goals of CLIENT as they relate to meeting legal and regulatory obligations, protecting member privacy, and ensuring continued compliance.
Compliance Analysts work closely with other teams to define and set corporate guidance in response to emerging standards and legislation by making certain that all policies and procedures are implemented and well documented, performing internal reviews, and identifying compliance problems that call for formal attention. Compliance Analysts speak both technical and business language interchangeably to effectively communicate and lead.
The IT Service Continuity Disaster Recovery Compliance Analyst is to support the overarching values and business goals of CLIENT. This role is focused on business continuity, disaster recovery, and resiliency initiatives, and will provide consulting services to internal product and project teams, including vendors, to review high availability solutions. The Compliance Analyst will perform services related to, but not limited to, Business Impact Analysis, Disaster Recovery Plans, and Tabletop Exercises, while aligning with Resiliency Team Members and Business Continuity Team Members to provide overarching continuity capabilities.
ROLE
● Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.
● Identifies problems, analyzes data, and presents findings in a professional manner, recommends mitigations either via new technology, alternative compensating controls, or policy modifications to improve overall security posture.
● Provides governance for the identification, validation, and remediation of information technology controls for any applicable regulatory compliance frameworks.
● Establishes and implements methodologies designed to identify general system and business controls, and identifies and prioritizes risks.
● Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
● Maintains a strong understanding of and adherence to current and upcoming standards, regulations, and legislation.
● Stays current with new and evolving security topics and technologies via formal training and self-directed education.
● Innovative, creative, and works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency.
● Manages and communicates key compliance milestones for critical systems and complex processes.
● Establishes and meets deadlines to ensure adherence to rules and regulations.
● Assists and supports the organization with initial compliance with ongoing preparation, testing, and monitoring of conformance.
● Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.
● Audits information system activities and systems to confirm compliance and provides management with compliance assessments.
● Develops, manages, and executes plans to communicate and remediate all known material weaknesses or significant deficiencies, and minimize any findings noted by either internal or external auditors.
● Engages and collaborates with a variety of internal departments and external organizations, which may include but are not limited to legal firms, law enforcement agencies, and all other levels of government, to ensure follow-through and completion of compliance and mitigation activities.
● Identifies risks and evaluates findings while working with internal departments/business units to appropriately address the findings.
● Works with stakeholders (e.g., department managers, project managers, and systems administrators) at different levels in the organization to understand their respective resilience needs and assists with implementing practices and procedures consistent with Costco’s policies and standards.
● Conducts Business Impact Analysis, creates Business Continuity & Disaster Recovery Plans, conducts Tabletop Exercises, and develops failover solutions.
● Develops dependency mapping models representing capabilities and relationship with the respective applications in preparation for failover projects and the creation of runbooks and DR plans.
● Supports the development and maintenance of Disaster Recovery/Business Continuity policies, standards, and guidelines.
● Develops efficient and scalable processes, templates, and program metrics as required.
● Assists with auditing of information systems’ resilience capabilities and providing the appropriate reporting.
● Partners with other IT groups and Solution Architects to conduct service resilience and continuity risk assessments on new solutions and systems, ensuring they align with our Resilience Standards and Reference Architecture Requirements.
● Coordinates and facilitates failover testing and tabletop exercises, including post-exercise gap assessments on existing systems to identify and/or recommend appropriate continuity countermeasures and best practices.
● Builds and fosters positive relationships with key IT and business partners.
● Practices strong leadership skills consistently and mentors others on resilience best practices.
● Leverages relevant data insights to report on the resilience health for both the program and individual IT teams.
● Helps support and maintain all disaster recovery related workstreams end to end.
REQUIRED
● 7+ years’ experience in Business Continuity and Disaster Recovery related roles.
● Active Certification from DRII, BCI or similar, or the ability to obtain one within the first 90 days of employment.
● Experience with business continuity concepts of recovery time and point objectives, and mean time to recovery.
● Experience supporting and building/implementing enhancements for an Enterprise-wide IT Disaster Recovery Program.
● Excellent verbal and written communication and presentation skills with the ability to influence at all levels of the organization (e.g. technical teams, leadership, and external vendors).
● Solid time management skills with the ability to plan, organize, and implement multiple initiatives and deadline-driven workloads while consistently providing outstanding customer service.
● Strong project management experience to work with stakeholders to identify and roadmap solutions that support their business requirements.
● Ability to help drive and make progress under ambiguous situations.
● Ability to interpret data and processes to identify potential compliance or risk issues.
● Ability to quickly understand and map complicated data flows in order to identify and validate requirements.
● Understanding of and experience working with agile and waterfall methodologies.
● Working knowledge of information systems’ security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
● Team player and willingness to establish a strong positive working relationship with all areas of the business.
● Innovative, creative, and extremely responsive with a strong sense of urgency.
● Ability to work effectively and independently.
● Familiarity with DevOps or DevSecOps.
Recommended
● Bachelor’s degree in computer science, information technology or related field or equivalent experience.
● One or more professional certifications: DRI, ISO 22301 or equivalent.
● Experience with short- and long-term storage design techniques.
● Experience with SaaS and PaaS high availability architectures.
● Knowledge of Cloud and datacenter redundant designs.
● Familiarity with governance and policy management best practices.
● Familiarity with SDM, SDLC, and project management processes.
● Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI.
● Experience in retail, supply chain, Ecommerce industries helpful.