CARMAX Senior IT Compliance Analyst in Richmond, United States

8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238

CarMax, the way your career should be!

Do you want to play a key role in enhancing the Cybersecurity program for a Fortune 200 company and national brand that has also been listed on the Fortune 100 Best Places to Work for the past 15 years in a row? Do you enjoy working in a collaborative environment where your ideas can help shape the direction and development of critical cybersecurity capabilities?

Do you want to work with a team of talented professionals who have in-depth technical knowledge, and be the subject matter expert in technology compliance governance and audit compliance?

Then your job search begins and ends here…

Who we are looking for:

A senior technology compliance analyst with experience in the areas highlighted below. This is a unique opportunity at a Fortune 200 company and national brand to expand your skills and influence in the Cybersecurity Program. As a subject matter expert, you will work with the Technology management teams to evaluate controls, perform control testing to improve the efficiency and effectiveness of the internal controls, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance. You will facilitate control reviews to accommodate new business areas as well as changes in processes. You will assist the technology teams in identifying gaps between policy and process, develop recommendations to remediate control weaknesses, and execute SSAE 18 audit reviews of key third-party service providers to ensure compliance obligations are being met, including monitoring any remediation plans that address their weaknesses.

The Day to Day:

  • Define, execute and maintain a framework for Technology Compliance management including validation and classification methods.

  • Plan, design and execute compliance testing, controls assessment and documentation across all domains for IT General Controls, Payment Card Industry (PCI DSS), Data Privacy, HIPAA and other compliance requirements, as appropriate

  • Serve as trusted advisor and technology key controls subject matter expert: partner to evaluate the design and effectiveness of the control environment, both operational and technical; develop trending for remediation efforts and overall compliance with regulatory and operational standards; and build compliance programs including detailed exception reporting and complex configuration monitoring requirements

  • Provide direction and guidance in pre-implementation reviews of new systems and services to ensure proper controls are implemented and executed to meet compliance

  • Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet compliance standards where applicable

  • Partner and facilitate internal and external audits within the technology teams

  • As an integral member of the team, exhibit ownership, follow-through, initiative, awareness and effective communication with peers and management, and the ability to speak to the details of compliance

  • Prepare and provide accurate, timely communications of observations, recommendations and conclusions as well as evaluating management remediation action plans

Technology Compliance Methodology:

  • Ability to understand business requirements, help design and implement industry standard Compliance management practices across all supported technology environments

  • Champion of Technology Compliance methodology by demonstrating ownership of the design aspects of the operations lifecycle

  • Passionate about continuous improvement and ownership of controls across systems and processes

  • Consistently shows the ability to mentor others in the assessment of Compliance as it relates to CarMax’s® data and processes.

  • Understand levels of compliance and exposure as they relate to systems, services and networks.

  • Driver of Technology Compliance.

  • Ability to help develop and deliver compliance training and awareness type activities with proven results across all domains.

  • Maintain a strong knowledge base and awareness of industry and technology trends and of new or changed external regulations within technology, and identify industry standards for core processes (e.g. NIST, PCI, ITIL, data privacy etc.)

Leadership:

  • Ability to lead remediation meeting(s) for Compliance definitions, needs assessments and design reviews that impact all areas of business systems.

  • Partner to gain consensus on Compliance approaches with a proven ability to effectively communicate remediation and prevention

  • Able to help influence the technology compliance direction of others to drive corporate Compliance

  • Ability to drive through obstacles and time constraints to successfully deliver

Here's the technology part…

Experience with the following required:

  • Strong understanding of key compliance regulations such as Sarbanes-Oxley, GLBA, HIPAA and Payment Card Industry (PCI), plus new or changed external regulations within technology, and the ability to identify industry standards from which to modify core compliance processes, staying ahead of industry trends and emerging threats.

  • Experience in execution of an enterprise Compliance Governance framework, including the identification, assessment and mitigation of compliance exposure, and understanding how to balance the company's compliance appetite and its overall impact

  • Must have detailed knowledge and experience with IT General Controls across all domains and Operational testing procedures as it pertains to SOX, PCI and privacy

  • Demonstrated ability to compare and contrast alternative technology Compliance approaches and methodologies while assessing Compliance both quantitatively and qualitatively to meet the business needs

  • Proven experience with influencing without authority to gather test evidence and translate compliance findings into actions

  • Able to assess, identify, and document third-party system compliance deficiencies and recommend solutions.

  • Excellent communication skills, including but not limited to verbal and written communication; delivering organized presentations; tailoring the message to the audience; and facilitating group discussions with diplomacy while seeking diverse opinions

  • Excellent analytical, troubleshooting, and problem-solving skills, and the ability to perform well in fast-paced, high-pressure situations.

  • Dedication and commitment to world class service and to exceeding customer expectations.

  • Desire to keep current with technology and emerging technology compliance trends.

  • Possess strong organization and time management skills.

  • Demonstrated flexibility

  • Excellent organization and time management skills

Education and/or Experience:

  • Bachelor's degree in Business, with solid IT audit or compliance experience, or Computer Science, with solid business and IT Audit/Compliance experience.

  • In-depth knowledge of information security and Technology Compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO 27001/27002 and COBIT

  • 5+ years of working experience with enterprise technology compliance management programs, or auditing experience, controls testing, conducting ITGC and PCI assessments and leading related project teams as a security subject matter expert in privacy, data security and control issues with technologies such as Cloud, SaaS, Linux, Windows, VMware and Intrusion Prevention

  • Previous working experience and knowledge of two or more security functions (IT Compliance Assessor, QSA, Security Specialist, IT Auditor)

  • Possession of industry certifications required: CISA, CISSP. Desired: CRISC, CIA, CISM, PCI

Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.

If you have technical problems when submitting your application, please contact us by phone (888) 922-7629 ext. 3888 or email recruiting_net@carmax.com.

CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide.

Our amazing team of more than 25,000 associates works together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community. We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®.