Job Description for IT Compliance Analyst Ingram Micro Inc.
JOB TITLE: IT Compliance Analyst
COMPLETED BY: Madhur Sharma
JOB CODE:
DATE: 02/05/2020
DEPARTMENT: Global IS
GRADE/FLSA: 7
POSITION REPORTS TO: Manager, Compliance
APPROVED BY: Madhur Sharma
JOB TITLES REPORTING TO THIS POSITION: None
Support global activities as they relate to Payment Credit Card Industry (PCI) compliance, SOC1, SOX, ISO 27001. The Compliance Analyst is responsible for providing subject matter expertise in at least one of the compliance requirements. In addition, the Analyst will work with all Ingram Micro departments to coordinate the gathering, approval, and storage of PCI evidence that will be used as input to the PCI Report on Compliance (ROC) and Self-Assessment Questionnaire (SAQ) and compliance processes.
- Work as the Subject Matter Expert (SME) on assigned projects and offer counsel regarding the intent of Compliance requirements
- Partner with Ingram Micro’s Qualified Security Assessor
- Undertake research as needed when questions arise
- Liaise and coordinate Ingram Micro resources (Technology, Finance, Legal, and Human Resources) to gather compliance evidence
- Serve as the initial point of approval for acceptability of evidence
- Track status of all issues on assigned projects to ensure that all issues are being addressed
- Anticipate audit-related issues and escalate to management as appropriate
- Execute operational activities to support audit and compliance activities including technical validation processes
- Support Global IS compliance to security standards as they relate to SOX and ISO 27001 requirements
- Support Internal and External Audit activities
- Work with internal Information Assurance staff to ensure tools and reporting mechanisms are satisfactorily meeting Company objectives
- Maintain strong working relationships with internal and external support teams including Global, Regional and Country IS associates
- Work on special projects as required by management
- Support and enforce Information Security Policy, Standards, and Guidelines for business operations and technology implementations
Process Improvement and Associate Success:
- Self-starter with the ability to work independently and in cross functional teams
- Actively looks for opportunities to develop new ideas to positively impact existing methods, services, or products.
- Understands, analyzes, and documents cost/benefit analysis where appropriate.
- Actively accepts individual and team responsibilities and meets commitments. Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
- Ability to multi-task and work on projects concurrently and under tight deadlines
- Must be detail oriented and customer focused with excellent time management skills
- Takes and exhibits initiative to further develop technical and professional skills, by attending training and/or willingness to learn new systems or technologies in use by the Information Systems department.
- Possesses understanding of Ingram Micro’s business including knowledge of department names and business processes conducted by each, company global organization, and key customer and vendor segments.
- A Bachelor’s degree in Computer Science, Engineering, or related Science and Math discipline with an IS or Business emphasis is required.
- 5+ years of experience with compliance projects (specifically PCI)
- Knowledge of PCI DSS and the 12 PCI compliance domains
- Understands key security concepts such as access management, vulnerability and patch management, security information event management, and encryption
- Strong understanding of TCP/IP and other network protocols
- Understanding of the basic audit best practices, standards and methodologies
- Ability to formulate detailed technical documentation preferred
- Security Certification such as CISSP, CISM, QSA or CISA preferred
- Experience using MS Excel, Word, PowerPoint and Visio
- Must possess a valid passport and be legally allowed to leave and return to originating country.
Behavioral Competencies:
- Excellent verbal, written and inter-personal communication skills
- Strong communication skills; capable of explaining technical issues simply both verbally and in writing
- Keeps his/her manager informed of any problems, challenges, or unanticipated events affecting his/her work.
- Listens respectfully and avoids interrupting.
- Expresses ideas and suggestions in an organized and concise manner both orally and in written form.
- Solicits and readily accepts constructive feedback.
- Maintains composure when addressing an adversarial or hostile audience.
- Researches and collects appropriate data points for effective decision making.
Develops Innovative Practices
- Participates in the development of innovative ideas and solutions to problems.
- Reduces inefficiencies in work processes.
- Recognizes when it is appropriate to challenge the status quo and when it is not.
Works as a Team Member
- Supports team decisions to implement changes, suggestions, improvements, and solutions.
- Encourages and supports the exploration and application of best practices.
- Offers assistance to others and shares information regardless of personal likes or dislikes.
Acts with Integrity & Respect
- Prevents personal conflicts from interfering with his/her objectivity.
- Consistently arrives on time for meetings and appointments.
- Accepts responsibility for the results of his/her decisions and actions.
- Behaves in a way that is consistent with Ingram Micro’s values.
MENTAL AND PHYSICAL DEMANDS:
- Must be able to exercise good, consistent judgment when evaluating technical implementations or business requirements against corporate policies or escalating issues
- Must be able to work with people from different countries and cultures
- Must be able to work in high pressure situations related to IS security matters
- Must be available for support requirements based on global responsibilities
- Must be able to work early morning and late evening hours and weekends, when required
- Must be able to communicate effectively in writing. Must be able to write clear, concise and factual evaluation documents that can be understood by others
- Must be able to participate in meetings several times a month to give and receive information
- Must be able to follow direction and procedures accurately; to organize facts and figures; apply basic math
- Daily sitting, focusing on and operating a personal computer or terminal keyboard for over 120 minutes at a time.
- Communicates by telephone for more than 60 minutes on a daily basis.
- Writes using pen/pencil or personal computer keyboard for up to 120 minutes at a time on a daily basis.
- Reads printed words and numbers in printed form and on computer/terminal monitor.
- Distinguishes objects or symbols at 20 feet or more and 20 inches or less.
- Travel by air, from 1 to 10 days, is required. Must be able to sit on a plane for up to 13 hours at a time
EQUIPMENT USED AND NECESSARY:
- Mobile device such as a BlackBerry
- Advanced computer equipment
May be required to work in an office environment, with or without air conditioning and fluorescent lighting. May also be required to spend time in a distribution center, without air conditioning. Some geographies may have remote office conditions of lower standards than the home country.