Sr. Analyst – IS Risk & Compliance

Job ID: 30853

Information Technology
United States – New Jersey – Parsippany
January 11, 2017


Tiffany & Co. is currently seeking a Sr. Analyst – IS Risk & Compliance to assist in the development, enhancement and execution of the Company’s Information Security Risk & Compliance Programs. The primary focus of this role will be to enhance the design and ensure the execution of the Company’s IT General Controls, which include the quarterly control self-assessment. Overall, s/he will ensure that adequate and effective controls are in place and aligned to deliver compliance with the Company’s Information Security standards and regulatory requirements.


The Sr. Analyst – IS Risk & Compliance will lead the IT SOX Compliance Program while enhancing and/or developing IT General Controls that are efficient and effective. This role will also lead the execution of the quarterly ITGC self-assessment process. The Sr. Analyst will assist in the development of a PII (Personally Identifiable Information) Data Protection Program while partnering with Legal to ensure IT standards and processes adhere to laws and regulatory requirements.

The Sr. Analyst – IS Risk & Compliance will assist and support the Vulnerability Management Program and other programs as needed. S/He will assist and/or manage internal and external audits. Additionally, this position will manage, track and monitor corrective action plans for audit findings, standards exceptions and control deficiencies.


  • 4 to 6 years of experience in IT Information Security Risk & Compliance
  • 2 to 4 years of experience with network, infrastructure and application security
  • Strong technical knowledge of applicable regulatory requirements including Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI-DSS), with working knowledge of ISO framework
  • General knowledge of applicable data privacy practices and laws
  • Demonstrated understanding of project management principles
  • Excellent written and oral communication skills
  • Excellent interpersonal skills and customer service skills
  • Ability to conduct and direct research into risk/compliance issues and products as required
  • Attention to detail
  • Proven analytical, evaluative, and problem-solving abilities
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Extensive experience working in a team-oriented, collaborative environment
  • PCIP, CISSP or past ISA Certifications preferred
  • Hands-on experience with various security products (e.g. Rapid7, WhiteHat Sentinel, McAfee, Tripwire, CyberArk, Guardium, Palo Alto firewalls, QRadar) is ideal
  • Proven, in-depth technical knowledge of Information Security principles and processes, and of writing IT policy, preferred
  • Proven experience in a Governance, Risk & Compliance (GRC) framework; RSA Archer a plus