IT Cybersecurity Compliance Specialist (Job 3016552)
Category: Technology
Summary:
The IT Cybersecurity Compliance Specialist plays a critical role in ensuring the organization’s information systems and technology processes are compliant with internal policies, regulatory standards, and external audit requirements. This role focuses on SOX IT General Controls (ITGCs), PCI DSS, and broader cyber risk management practices. The specialist will work cross-functionally to assess risks, perform control testing, and lead compliance initiatives that support a secure and resilient IT control environment.
Duties and Responsibilities:
This role will assess cybersecurity risks, perform control testing, manage audits, and collaborate across teams to maintain a strong, compliant, and resilient IT control environment.
SOX Compliance & ITGC Support:
- Perform and manage ongoing testing of IT General Controls (e.g., access management, change management, backups).
- Execute access governance, including privileged and user access reviews.
- Coordinate quarterly and annual SOX 404 audits, including walkthroughs and control validation.
- Maintain thorough audit documentation and facilitate remediation of any deficiencies.
- Serve as the primary liaison for IT audits and assessments.
- Monitor for control exceptions, track remediation, and ensure compliance with evolving SOX requirements.
- Propose and implement secure, compliant solutions aligned with business needs.
- Support automation initiatives for compliance monitoring.
- Contribute to IT strategic planning and process improvement efforts.
Risk Management & Control Assessment:
- Conduct cyber and IT risk assessments, aligning mitigation with business priorities.
- Assist in managing risk register, issue tracking, and remediation plans.
- Identify, assess, and monitor controls to mitigate cybersecurity threats and vulnerabilities.
PCI DSS Compliance:
- Assist in supporting the PCI DSS compliance program across systems that store, process, or transmit cardholder data.
- Assist in managing documentation and evidence for all 12 PCI DSS requirements.
- Assist in tracking remediation efforts and ensure timely closure of non-compliance issues.
- Help maintain accurate scoping of Cardholder Data Environment (CDE) and related network segmentation.
Core Competencies
Regulatory & Framework Expertise:
- Strong working knowledge of compliance frameworks and standards, including:
- SOX ITGC (Sarbanes-Oxley Act)
- PCI DSS
- NIST CSF, ISO 27001, and COBIT
- Skilled in applying technical controls and interpreting regulatory requirements.
- Expertise in preparing documentation, audit responses, and compliance evidence.
Risk Assessment & Control Testing:
- Proficient in conducting risk assessments, identifying control gaps, and implementing corrective actions.
- Experience with control design, testing, and monitoring processes.
Communication & Collaboration:
- Strong verbal and written communication skills.
- Ability to translate technical compliance concepts into business-friendly language.
- Proven ability to work with cross-functional teams and influence without authority.
Requirements:
- Four (4) year degree or equivalent experience.
- 5 to 7 years of experience in IT compliance, cybersecurity, audit, or risk management.
- Experience supporting SOX ITGC and/or PCI DSS compliance efforts.
- Proficient in evidence collection, walkthroughs, remediation tracking, and audit coordination.
- Strong documentation, analytical, and communication skills.
- Ability to work independently and manage multiple priorities.
- Certifications such as (preferred but not required):
- CISA
- CISSP
- CISM, CRISC, or PCI ISA
Analytical & Soft Skills:
- Attention to detail
- Critical thinking and problem solving
- Risk-based decision making
- Process improvement
- Verbal and written communication
- Cross-functional collaboration
- Project management and task prioritization
- Adaptability in a regulatory environment