Sr. IT Compliance Analyst
Req #22852
Our current portfolio of media assets includes USA TODAY, local media organizations in 46 states in the U.S., and Newsquest, a wholly owned subsidiary operating in the United Kingdom with more than 120 local news media brands. Gannett also owns the digital marketing services companies ReachLocal, Inc., UpCurve, Inc., and WordStream, Inc., which are marketed under the LOCALiQ brand, and runs the largest media-owned events business in the U.S., USA TODAY NETWORK Ventures.
To connect with us, visit www.gannett.com.
Job Purpose:
The purpose of this role is to contribute to the overall effectiveness of the company’s Technology/Cybersecurity Governance, Risk and Compliance programs. This person will focus primarily on the Execution Phase of projects and activities related to the company’s compliance with SoX, PCI, and other similar standards.
This role will work closely with stakeholders across the organization including Technology, Company’s Internal Audit department, Corporate Controller, Human Resources, and external audit teams to help satisfy compliance, audit, and risk management requirements. This role will also interact with development, infrastructure, networking, and application management teams with the intent to develop, rationalize, and optimize our IT General Controls environment.
Accountabilities:
- Requires the ability to perform complex and diverse duties under deadlines and operating constraints. Capable of delivering large, complex projects, often involving the coordination of activities of other business units in the company.
- Requires ability to develop, recommend, and execute plans and programs with greater organizational impact.
- Identify and validate key controls to address Technology compliance and business risks and work with various teams to address identified deficiencies.
- Perform audits of third parties such as vendors, service providers, etc.
- Support third party audits of GCI’s Technology or information security programs.
- Facilitate assessments and audits by internal and external auditors and assessors across technology.
- Ensure that appropriate documentation in the form of policies, standards, and procedures is created and managed to support the various security, compliance, and audit requirements.
- Develop, document, and implement broad, enterprise, line-of-business metrics and reporting highlighting the position of Technology risk management and compliance frameworks.
Key Responsibilities:
- Develop and distribute metrics on the health and well-being of technology risks and compliance objectives.
- Support the IT third party management program.
- Serve as a member of compliance, security, and other boards and committees as needed.
- Contribute to the development and implementation of cybersecurity and compliance policies, standards, and procedures.
- Contribute to the design and implementation of IT General and Application Controls to ensure Gannett’s compliance obligations are met (e.g., PCI, SOX, HIPAA).
- Contribute to the design and implementation of IT security controls to ensure Gannett’s compliance with NIST CSF.
- Assess the company’s control environment using the NIST CSF.
- Provide coordination and support for internal and external audits.
- Other IT and security compliance duties as assigned.
- The position will report directly to the Director of Technology Compliance and Risk Management and will be expected to engage with Information Security and other teams within Technology and senior management.
Requirements:
- Education Preferred: Bachelor's or master’s degree in computer or information management, or another related field.
- Certification(s) Preferred: Certified in Risk and Information Systems Controls (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or PCI Internal Security Assessor (PCI ISA).
- Experience Required or Preferred: 2-5 years of experience in Information Technology Compliance, Audit or Risk Management:
  - Developing, evaluating, or implementing IT General and Application controls.
  - Developing cybersecurity and technology policies.
  - Supporting an enterprise-wide cybersecurity metrics and reporting program.
  - Supporting an IT third-party management program.
- Strong organizational skills.
- Detail-oriented, with a focus on developing solutions from the ground up.
- Self-motivated and inquisitive.
- Adaptable; open to changes in organization or process.
- Desire to stay ahead of emerging trends.
- Ability to manage time and balance multiple projects.
- Proficiency in Microsoft Office.
Preferred skills:
- Intimate understanding of Sarbanes Oxley, PCI, HIPAA.
- Experience in implementing and measuring organizational maturity with the NIST Cybersecurity Framework.
- Excellent documentation and communication skills.
- Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate.
- Strong understanding of cloud technologies and the security controls needed to protect them.
Travel Requirements: 10%
Other details:
- Job Family: IT Security
- Job Function: Technology
- Pay Type: Salary