Consultant, IT Risk Management Compliance Professional

About the job

If you’re passionate about innovation and love working in an environment where you can constantly improve and adopt new technologies to drive business results, then Nationwide’s Information Technology team could be the place for you!

As a Compliance Professional, you’ll provide consultation and monitoring on multi-level compliance issues, including state to federal laws and guidance issued by industry organizations. You’ll work with management to ensure day-to-day operations are conducted to satisfy regulatory, legal and organizational requirements. You will gain an understanding of leading-edge technologies that play a key part in keeping Nationwide safe in our increasingly threatening world and participate in and drive projects across the organization to ensure regulatory compliance of technology solutions.

Team Name And Description

  • Information Risk Management (IRM) Nationwide Technology Governance, Risk, and Compliance (GRC) Team
  • The GRC Team is responsible for ensuring that Nationwide Technology adheres to all required state, federal and regulatory bodies' statutes, laws and requirements. The GRC Team regularly partners internally with our Business Solutions Areas (BSAs), Infrastructure and Operations (I&O), Legal, and Corporate Compliance to deliver meaningful results for Nationwide. We support Nationwide Technology for external audits by regulators such as the Securities and Exchange Commission (SEC), Office of the Comptroller of the Currency (OCC), and other regulators. We play a pivotal role in proving technology compliance with state Departments of Insurance and Departments of Financial Services. We lead audits and attestations for Payment Card Industry (PCI), SOC1, SOC2, Financial Reporting Controls (FRC), and HIPAA, to name a few. The team also owns the Information Security Policy and the Nationwide Technology Security Standards as well as the process for Nationwide Technology Security Guidelines.

Required Skills

  • Strong knowledge and experience of compliance and security frameworks including NIST 800-53, NIST CSF, PCI DSS, HIPAA, California Consumer Privacy Act (CCPA)
  • Strong knowledge and experience in auditing controls according to well-known compliance and security frameworks
  • Strong knowledge and experience in auditing PCI DSS, SOC1/2, and Financial Reporting Controls
  • Strong knowledge in developing Risk and Control Matrix documentation
  • Thorough understanding of technical domains such as Data Protection, Identity and Access Management, Threat and Vulnerability Management
  • Ability to create documentation including process and procedure documentation for audit and compliance purposes

Desired Skills

  • Ability to digest complex issues and divide them into smaller working components
  • Good knowledge of database, automation, and monitoring tools
  • Good knowledge of data analytics
  • Ability to drive to completion the automation of controls and control testing

Compensation Grade G5

Job Description Summary

If you’re committed to delivering technology solutions to support a company providing outstanding service to its customers, then Nationwide Technology may be the place for you! Our industry-leading technology workforce personifies an agile work environment and a collaborative, inclusive culture to deliver outstanding solutions and results. If that sounds like something you aspire to, we want to hear from you!

Key Responsibilities

Job Description

  • Understands and improves current risk posture of assigned business and technology compliance and regulatory controls.
  • Helps drive new partners to join Nationwide during the sales process by providing up-to-date information on the information security practices, helping Nationwide differentiate itself from competitors.
  • Provides effective consultation services on compliance risks for all major internal and external regulatory audits, programs, projects and requests assigned.
  • Works with technology and business leaders to develop compliance solutions that effectively and efficiently drive down risk.
  • Works closely with legal professionals from the Office of Privacy to collect and review documents required for litigation and ensure Nationwide is in a great position to address legal concerns.
  • Participates in and collects documentation in support of incident response.
  • Continuously matures compliance capabilities, providing thought leadership to, and execution against, the risk inherent in all compliance and regulatory matters.
  • Identifies gaps and inconsistencies with compliance policies or practices, then leads efforts to address and resolve these gaps, applying industry standards and methods as appropriate.
  • Works with external regulators to properly and accurately respond to inquiries in a timely fashion. Ensures compliance with Payment Card Industry (PCI), Financial Reporting Controls (FRC), SOC 1 and SOC 2 requirements across Nationwide businesses.
  • Participates in and drives the Technology portions of Securities and Exchange Commission (SEC), Office of the Comptroller of the Currency (OCC) and various state departments of insurance audits, delivering a consistent and comprehensive third-party audit experience.
  • Updates and enhances visualization of Compliance metrics.
  • Determines and develops key Compliance metrics and new areas for Compliance involvement.

May Perform Other Responsibilities As Assigned.

Reporting Relationships: Reports to Manager, Risk Leader or above.

Typical Skills And Experiences

Education: Undergraduate studies (bachelor’s degree preferred) in cyber security, management information systems, engineering, math, computer science, data analytics or comparable experience and education strongly preferred. Graduate studies in cyber security, computer science or a related field are a plus.

License/Certification/Designation: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor® (CISA), Certified Business Continuity Professional (CBCP) or another cyber certification preferred.

Experience: Five or more years of progressive work experience in compliance, audits, risk management or information security. One to three years of experience in Technology.

Knowledge, Abilities and Skills: Ability to make decisions and recommendations. Aptitude to influence, build partnerships and set priorities. Solid communication skills to interact with all levels of associates, senior management and/or vendors. Insurance/financial services industry knowledge a plus.

Other criteria, including leadership skills, competencies and experiences may take precedence.

Staffing exceptions to the above must be approved by the hiring manager’s leader and HR Business Partner.

Values: Regularly and consistently demonstrates Nationwide Values.

Job Conditions

Overtime Eligibility: Not Eligible (Exempt)

Working Conditions: Normal office environment.

ADA: The above statements cover what are generally believed to be principal and essential functions of this job. Specific circumstances may allow or require some people assigned to the job to perform a somewhat different combination of duties.
