CARMAX Technology Compliance Analyst (Remote) in Richmond, Virginia
8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238
CarMax, the way your career should be!
Do you want to play a key role in enhancing the Cybersecurity program for a Fortune 200 company and national brand that has also been listed on the Fortune 100 Best Places to Work for the past 16 years in a row? Do you enjoy working in a collaborative environment where your ideas can help shape the direction and development of critical cybersecurity capabilities?
Do you want to work with a team of talented professionals that have in-depth technical knowledge and be the subject matter expert in technology governance, compliance, and audit requirements?
Then your job search begins and ends here…
Who we are looking for:
A technology compliance analyst with experience in the areas highlighted below. This is a unique opportunity to work at a Fortune 200 company and national brand to expand your skills and influence a growing Cybersecurity Program. This opportunity provides the ability to work with the Technology teams to evaluate controls, perform control testing to improve the efficiency and effectiveness of the internal controls, and to innovate and automate controls to ensure continuous compliance. You will facilitate control reviews to accommodate new business areas as well as changes in processes. You will assist the technology teams in identifying gaps between policy and process, develop recommendations to remediate control weaknesses, and execute SSAE 18 audit reviews of key third-party service providers to ensure that required technology controls are being met, including monitoring any remediation plans that address identified weaknesses.
The Day to Day:
• Perform compliance testing and controls assessment, including the completion of workpapers, summation of test results and conclusions with root cause analysis for identified issues, and, when necessary, detail the remediation testing efforts across all domains for IT General Controls, Payment Card Industry (PCI DSS), Data Privacy, HIPAA and other compliance requirements, as appropriate
• Identify, collect, analyze, and report on compliance and control data in order to drive compliance initiatives and priorities.
• Serve as advisor and technology key controls subject matter expert; partner with control owners to evaluate the design and effectiveness of the control environment.
• Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest controls to meet compliance standards where applicable.
• Assist in preparation of accurate and timely communications of observations, recommendations and conclusions as well as evaluating management remediation action plans.
• Assist in developing automated compliance tools and processes.
• Gather data, conduct analyses, and prepare related compliance reporting.
• As an integral member of the team, exhibit ownership, follow-through, initiative, awareness and effective communication with peers and management, and the ability to speak to the details of compliance.
Technology Compliance Methodology:
• Ability to understand business requirements to help design and implement compliance management practices for all supported technology environments
• Champion of Technology Compliance methodology by demonstrating ownership of the design aspects of the operations life cycle
• Passionate about continuous improvement and ownership of controls across systems and processes, eliminating repetitive manual processes through automation.
• Maintain a strong knowledge base and awareness of industry and technology trends and of external regulations for new or changed requirements within technology, and identify industry standards for core processes (e.g. NIST, PCI, ITIL, data privacy, etc.)
• Ability to problem-solve obstacles and find alternative ways to meet and achieve compliance goals
Here's the technology part…
Experience with the following required:
• Experience in performing risk-based testing for control compliance, including the identification, assessment and mitigation of compliance issues, and an understanding of how to balance the company's risk appetite against compliance needs/requirements.
• Knowledge and experience with technology controls across a variety of Industry frameworks and how to test and assess controls supporting compliance for SOX, PCI, and Privacy.
• Excellent analytical skills with experience in data analysis to support reporting and testing processes.
• Knowledge and experience in utilizing data analysis software including Excel (VB), Tableau, Splunk DashBoards, and PowerBI. SQL scripting experience preferred.
• Assist in developing dynamic approaches to the implementation of a technology compliance program, utilizing a variety of testing methods, both manual and automated, to provide both qualitative and quantitative results.
• Proven ability to independently gather test evidence and translate compliance findings into actionable improvement opportunities
• Excellent communication skills, including but not limited to verbal and written communication, delivering organized presentations, tailoring the message to the audience, and facilitating group discussions with diplomacy while seeking diverse opinions
• Dedication and commitment to world class service and to exceeding customer expectations.
• Desire to keep current with technology and emerging technology compliance trends.
• Possess strong organization and time management skills.
• Demonstrated flexibility in a fast-paced and agile environment.
Education and/or Experience:
• Bachelor's degree in Business, Computer Science or Information Systems with IT audit or compliance experience.
• Certified Information Systems Auditor (“CISA”), or in the process of obtaining the CISA, required. One or more of the following industry-recognized certifications recommended: CRISC, CIA, PCI, CISSP.
• Experience in data analytics and dashboard development required.
• 3+ years' working experience in technology compliance or IT auditing, SOX 404 controls testing, or conducting ITGC and PCI assessments.
• In-depth knowledge of information security and technology compliance industry frameworks and standards: COSO, COBIT, NIST, OWASP, SANS, and ISO 27001/2
NOTE: This is a remote work opportunity.
Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.