Tiffany & Co. is currently seeking a Sr. Analyst – IS Risk & Compliance to assist in the development, enhancement and execution of the Company’s Information Security Risk & Compliance Programs. The primary focus of this role will be to enhance the design and ensure the execution of the Company’s IT General Controls which includes the quarterly control self-assessment. Overall, s/he will ensure that adequate and effective controls are in place and aligned to deliver compliance with the Company’s Information Security standards and regulatory requirements.
The Sr. Analyst – IS Risk & Compliance will lead the IT SOX Compliance Program while enhancing and/or developing IT General Controls that are efficient and effective. This role will also lead the execution of the quarterly ITGC self-assessment process. The Sr. Analyst will assist in the development of a PII (Personally Identifiable Information) Data Protection Program while partnering with Legal to ensure IT standards and processes adhere to laws and regulatory requirements.
The Sr. Analyst – IS Risk & Compliance will assist and support the Vulnerability Management Program and other programs as needed. S/he will assist with and/or manage internal and external audits. Additionally, this position will manage, track and monitor corrective action plans for audit findings, standards exceptions and control deficiencies.
4 to 6 years of experience in IT Information Security Risk & Compliance
2 to 4 years of experience with network, infrastructure and application security
Strong technical knowledge of applicable regulatory requirements including Sarbanes-Oxley (SOX), the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI-DSS), with working knowledge of the ISO framework
General knowledge of applicable data privacy practices and laws
Demonstrated understanding of project management principles
Excellent written and oral communication skills
Excellent interpersonal skills and customer service skills
Ability to conduct and direct research into risk/compliance issues and products as required
Attention to detail
Proven analytical, evaluative, and problem-solving abilities
Ability to effectively prioritize and execute tasks in a high-pressure environment
Extensive experience working in a team-oriented, collaborative environment
PCIP, CISSP or past PCI ISA (Internal Security Assessor) certification preferred
Hands-on experience with security products such as Rapid7, WhiteHat Sentinel, McAfee, Tripwire, CyberArk, Guardium, Palo Alto firewalls and QRadar is ideal
Proven, in-depth technical knowledge of Information Security principles and processes, and experience writing IT policy, preferred
Proven experience working within a Governance, Risk & Compliance (GRC) framework; RSA Archer a plus