IT Compliance Analyst

About the job

The ideal candidate will maintain and improve processes that will enable J. Crew to maintain compliance with Sarbanes-Oxley (SOX) and PCI Control Objectives while also coordinating appropriate actions to mitigate risks of non-compliance.

Maintain PCI Compliance

• Prepare for the yearly PCI audit by maintaining/updating the master inventory of PCI controls.
• Consult with project teams on PCI requirements as they relate to system changes, product reviews, contracts, and RFP responses.
• Work with PCI Auditor to ensure that system designs are vetted for potential PCI compliance conflicts before these designs are implemented.
• Schedule monthly PCI scans and yearly Internal and External Penetration Tests, and work with Technical teams to ensure that Medium and High Risk Vulnerabilities are addressed.
• Schedule and coordinate yearly PCI Audit so that the PCI Auditor has access to people and resources necessary to perform his review.

Maintain SOX Compliance

• Prepare for both Internal and External SOX audits by maintaining periodic and recurring SOX controls such as oversight of termination process and firefighter ID usage.
• Consult with project teams on SOX requirements as they relate to system changes.
• Assess Business Process to ensure that they are SOX compliant.
• Ensure that issues associated with processes or applications are mitigated with appropriate controls.
• Analyze SAP access requests for potential segregation-of-duties conflicts, and prepare relevant SAP Basis access forms.
• Act as liaison between Auditors and Technical teams by coordinating requests for information and by coordinating responses to any observations.
• Execute User Access Review campaigns for in scope applications

Essential Functions

• Maintain compliance with Sarbanes-Oxley (SOX) and PCI Control Objectives.
• Support periodic, recurring activities to ensure compliance with Information Security policy such as the locking and disabling of inactive accounts and/or reporting compliance on latest security patches.

Qualifications

• 2+ years’ experience in Audit and Compliance Management roles.
• Bachelor’s degree. Concentration in computer science, management information system, or business strongly preferred.
• Experience with Sarbanes-Oxley or PCI controls
• Experience with business process design or change management
• Ability to communicate information security and operations in terms of risk
• Confident and experienced in collaborating across functional areas and departments
• Ability to communication technology in layman’s terms
• Team player with proven record of success in achieving outstanding results while working in a fast paced environment
• Excellent organizational skills, adept at multi-tasking and initiating/driving projects through completion
• Ability to perform job duties with minimal supervision

We are committed to affirmatively providing equal opportunity to all associates and qualified applicants without regard to race, color, ancestry, national origin, religion, sex, marital status, age, sexual orientation, gender identity or expression, legally protected physical or mental disability or any other basis protected under applicable law.

We are committed to affirmatively providing equal opportunity to all associates and qualified applicants without regard to race, color, ancestry, national origin, religion, sex, marital status, age, sexual orientation, gender identity or expression, legally protected physical or mental disability or any other basis protected under applicable law.protected physical or mental disability or any other basis protected under applicable law.