Job Location: Makati & Mandaluyong - Philippines
The Compliance Analyst will be assigned to work closely with various internal teams and is responsible for creating, maintaining, improving, and monitoring our firm USA processes and procedures, and compliance with contractual obligations and TP Policy standards. The Compliance Analyst is expected to understand client contractual and regulatory requirements and assist process and procedure owners in creating proper documentation as required by the many information security standards, global policies and other information security initiatives. The Compliance Analyst is expected to be familiar with, and provide evaluated responses to, inquiries and assessments related to our firm's information security standards and processes from both potential and existing clients.
The successful candidate will have a firm understanding of the documentation requirements included in various standards including ISO 27001:2013, PCI-DSS, HIPAA/HITRUST, etc., and will be able to easily articulate that understanding while assisting different internal teams in evaluating and improving existing process and procedure documentation.
Responsibilities also include:
· Work closely with process owners in documenting, reviewing, and improving global processes and procedures
· Maintain and ensure currency and completeness of the processes and procedures
· Facilitate the alignment of current business processes with client requirements and external security standards/obligations such as Visa PCI DSS, ISO27001 and ISO27002, HIPAA, etc.
· Facilitate client and third-party assessments
· Identify and remediate security deficiencies and gaps with business-suitable controls
· Work with the global security team in the creation of policies, procedures, or guidelines to ensure the security and privacy of information and computer systems for our firm
· Review Statements of Work, Master Service Agreements, and other contracts for security obligations and identify areas of exposure
· Provide evaluated responses to security questionnaires, RFIs and RFPs
· Serve as liaison between operations and management to maximize the adoption of and support for security plans and procedures within the organization.
· Serve as a liaison between the organization’s clients and security auditors concerning information security and privacy incidents, laws, and policies and procedures
· Complete all special projects and other duties as assigned.
Qualifications:
· A Bachelor's degree in computer science, engineering or a related discipline, or the equivalent combination of education, technical training or work/military experience.
· 2+ years of Information Security/Audit and Compliance/Risk Management experience
· Experience with regulatory requirements including but not limited to PCI-DSS, ISO2700, HIPAA, etc.
· Working experience in information security with a focus on documenting and managing process documentation improvements on security standards (e.g. ISO 27001/BS7799, COBIT, HIPAA, PCI, SAS70, SOX)
· Strong communication and documentation skills are highly preferred
· Experience in a regulated (financial, pharmaceutical, health care, etc.) industry is highly desired.