IT Governance, Risk and Compliance Analyst

Company: AutoNation Headquarters
Location: Deerfield Beach
Posted on: June 20, 2022

Job Description:

**Must be at least 18 years old to be considered.** - Overview: Position Summary: - The IT Governance Risk and Compliance Analyst plays an active role in helping implement and manage information security compliance and privacy objectives. - The GRC Aanlyst will act as a trusted advisor for risk and controls impacting security and regulatory compliance obligations (i.e., PCI, SOX, CCPA, etc. The Analyst also assists in the design and implementation for security technology solutions to support compliance needs. - Job Responsibilities: Assist -in the development and maintenance of information security policies and to enable compliance with applicable regulations and industry standards, including Payment Card Industry Data Security Standard (PCI DSS), California Consumer's Privacy Act (CCPA), and Sarbanes Oxley (SOX). - Assist in the design, implementation and monitoring of IT and Security related controls to address security risks and compliance obligations. Perform security risk assessments on new or existing IT products, services, and technologies; review controls and assign/address residual risk using the organizational risk management -methodology. - - Support the development and execution of an annual enterprise-level IT risk assessment. - Work to evaluate, design, implement new capabilities in RSAM (GRC Solution) to support ongoing use, such as report generation, record status monitoring and tracking, -user -and workflow management. Provide -support/assistance to internal customers in the areas of risk management, -technology -and business process security controls, to enable more informed decision making, risk -mitigation -strategies, documentation, and achieving controls compliance. - Identify -opportunities and support efforts to drive organizational information security risk posture and process improvement. - - Maintain strong working relationships with IT and business partners involved in managing information security risks across the organization. - Work closely with regulators and auditors as a point of contact for information requests and issue management/escalation. - Organize and/or support IT GRC-related meetings; prepare meeting agendas. Support information security risk management program reporting efforts. - Support IT GRC team members as necessary with other IT GRC program areas, including but not limited to vendor risk management, information security training and awareness, PCI DSS self-assessments, CCPA data requests, and SOX internal control reviews. - Other tasks as assigned - Technical Expertise: 2+ year's relevant experience in IT Controls/Compliance, IT Audit or Information Security. Working knowledge of risk management concepts, and relevant security/ IT controls frameworks (NIST CSF, 800-53, CIS, SOX ITGCs). Bachelor's Degree in computer science, Information Technology, or other related field of study; or any equivalent combination of relevant background, skills and experience. Have or planned to have one or more industry standard certifications (i.e., CISSP, CISA, CIRISC, CIPP, PCI-QSA, etc.). Demonstrated collaborative skills and ability to work well within a team. Strong analytical, prioritizing, interpersonal and problem-solving skills High degree of proficiency MS Office Suite (Excel, PowerPoint, MS Word) and Internet applications. Knowledgeable and proficient with cloud-based tools and storage (i.e., Azure, SharePoint, collaboration tools, etc.) Other complimentary skills include: Hands-on experience with GRC tools such as RSAM, etc. Knowledge or experience with vendor review process Working knowledge and/or experience with Security Policy Programs Next Possible Position: Information Security Engineer - Physical Requirements: Extended working hours may be required as dictated by management and business needs. Ability to travel (25%) to multiple facilities as business needs dictate. May be required to lift, push, or pull materials weighing up to twenty (20) pounds. May be required to sit and review information on a computer screen for long periods of time. May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard. - AutoNation is an equal opportunity employer and a drug-free workplace. - Keywords: Information security; PCI, SOX, CCPA; IT Security; security risk assessments; Fort Lauderdale; South Florida; IT Security Analyst

Keywords: AutoNation Headquarters, Deerfield Beach , IT Governance, Risk and Compliance Analyst, Professions , Deerfield Beach, Florida