Risk and Compliance Analyst I

Summary

The Risk and Compliance Analyst assists with oversight and documentation of the Information Security/Information Technology risk management program, third party risk assessments, and corporate BCP/DR initiatives. This role is also responsible for executing a variety of annual/quarterly/monthly procedures/controls such as: user access reviews, policy updates, testing, etc. This role also interfaces between IT management and both internal and external auditors for compliance initiatives including providing requested audit inputs. This role reports to the Manager of Risk & Compliance.

Visa Sponsorship Available

No

Minimum Requirements

Combination of Education and Experience will be considered. Must be authorized to work in the US as defined by the Immigration Act of 1986. Must pass a Criminal Background Check.

Education:  Associate's Degree 

Years of Experience:  Minimum two (2) years of experience in Internal Audit (IT Audit Preferred), IT Risk, or Information Security.

Preferred Requirements

••Experience with project management skills (task identification, prioritization, and documentation).

•Ability to effectively balance multiple responsibilities which may frequently change.

•Aptitude to learn information quickly and apply risk/control considerations which impact downstream decisions.

•Critical thinking skills with strong attention to detail and follow up.

•High degree of professionalism and personal integrity.

•Ability to work with a high degree of independence.

•Excellent documentation skills (process, control, policy, and risk documentation).

•Excellent verbal and written communication skills across all levels of personnel (through executive management and the Board of Directors).

•Ability to support ongoing risk analysis to determine what services or support may be required.

•Familiarity with IT functions to assist in the preparation of recovery procedures in these areas.

•Experience with developing, writing and editing technical IT documents.

•Fast learner in IT GRC standards and policies.

•Industry certification are a plus.

•Experience with either GRC (Governance, risk management, and compliance) or IRM (Integrated Risk Management) applications is a plus.

•Familiarity of Industry "Best Practices" such as ISO 27001, PCI-DSS.

•Familiarity with TCP/IP and related protocols.

•Familiarity with intrusion detection and prevention techniques.

•Ability to conduct research into security issues and products as required.

•Familiarity of standard risk management/control frameworks such as COBIT, ISO 27005, COSO, NIST 800-30, and ITIL.

•Understanding of internal audit and risk-based methodologies.

•Familiarity with Sarbanes-Oxley (SOX).

•Understanding of NIST and PCI standards.

•Experience or understanding of any of the following areas: IT Audit, IT Risk and/or Information Security.

•Understanding in assessing risk and risk management practices.

•Possess in-depth/significant knowledge of IT policies, standards and procedures, security frameworks and their development and implementation.

Job Duties

•Involved in all areas of IT Governance, Risk and Compliance.

•Perform risk assessments for IT including identifying the risks presented by technological and process changes as well as the review of supporting processes/procedures, etc. to ensure the proper controls are in place and risks are appropriately mitigated.

•Gather relevant business, regulatory, process, and system information; validate/update process flows, risks, and controls; prepare accurate, complete, clear, and timely analysis and documentation that reflect an ability to identify risks and independently assess the adequacy and effectiveness of IT internal controls, policies, processes and procedures.

•Participate in maintaining the risk register and support continuous improvement of IT risk management processes.

•IT risk consulting: work with management and team members to assess risks associated with technology solutions and ensure appropriate remediation strategies are employed. Consult with managers and team members to identify and assess current and emerging risks and strategic initiatives.

•IT regulatory examinations and internal audits: support IT audits to ensure their success and timely completion.

•Assist IT managers and team members in writing the effective controls and action plans for any identified deficiencies.

•IT risk metrics and reporting: assist in the development of risk metrics and reporting frameworks for IT risk and compliance. Deliver these metrics and reports on weekly, monthly and quarterly basis.

•Support the testing request lists from internal and external auditors, providing the interface between IT management and the auditors.

•Define action plans and timelines with process owners and manage them to completion/implementation.

•Assist with Information Security Incident Management: support the investigation, document and report on incidents that impact confidentiality, integrity and/or availability.

•Assist with IT policies, standards and procedures; ensure IT Policies, Standards and Procedures meet the guidelines established for each; ensure they are properly housed, refreshed, inventoried and approved.

•Draft Information Security deliverables to both internal and external partners on a variety of topics including security breaches, policy governance, etc.

•Conduct scheduled assessment to identify gaps in IT business continuity, emergency and disaster recovery plans.

•Maintain and update plans and practices to achieve efficient and effective communication and restoration of operations during IT emergencies.

•Assist in the coordination of Disaster Recovery initiatives, plans and failover exercises.

•Support IT business continuity planning awareness training and identify potential business interruptions, develop safeguards against these interruptions, and implement recovery procedures in the event of a business interruption. Provide documentation and training on contingency planning concepts and procedures.

•Assist in the completion of assessments of the operational effectiveness of the security controls and support any required remediation.

•Assist in the execution of information security programs, including meeting PCI compliance requirements.

•Assist in the development and updates of compliance standards.

Physical Requirements

The Physical Demands and Work Environment described here are a representative of those that must be met by a Team Member to successfully perform the essential functions of the role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the role.

Office/IT - While performing the duties of this job, the Team Member is regularly required to stand, sit, talk, hear, see, reach, stoop, kneel, and use hands and fingers to operate a computer, key board, printer, and phone. May be required to lift, push, pull, or carry up to 50 lbs. May be required to work various shifts/days in a 24 hour situation. Regular attendance is a requirement of the role. Exposure to moderate noise (i.e. business office with computers, phones, printers, and foot traffic), temperature and light fluctuations. Ability to work in a confined area as well as the ability to sit at a computer terminal for an extended period of time. Some travel may be a requirement of the role.

Essential Services Provider

Allegiant as a national air carrier is deemed an essential service provider during declared national and state emergencies. Team Members will be required to report to their assigned trip or work location during national and state emergencies unless prohibited by local, state or federal order.

EEO Statement

We welcome all individuals from varied backgrounds and experiences to apply. Our company values the unique perspectives and talents that each person brings to our team.

Equal Opportunity Employer: Disability/Veteran

For more information, see https://allegiantair.jobs