Compliance and Risk Analyst

POSITION SUMMARY:

The Compliance and Risk Analyst:

• Promotes DSS's mission by ensuring that appropriate measures are taken to comply with policies and procedures, risk assessments, contractual obligations and regulatory requirements pertaining to information security.
• Works side by side with the Compliance and Risk Assessment team, the information security team, and others from across the organization to help ensure DSS and its customers' data is secure and meets organizational compliance standards.

DUTIES AND RESPONSIBILITIES:

Essential Duties:

• Participates in planning activities of information technology, operational and compliance audits across the enterprise and assists with the coordination between DSS, Inc. stakeholders and internal/external audit participants by acting as the liaison.
• Identify opportunities for enhancing governance processes and recommend improvements to reduce risk exposure and enhance operational efficiency.
• Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization's operations.
• Monitor and track regulatory changes, ensuring that the organization remains compliant with all relevant laws, standards, and industry regulations.
• Assist in the development, implementation, and revision of corporate policies and procedures to align with best practices and compliance requirements.
• Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to governance standards.
• Develop and maintain incident response plans to effectively address and mitigate security breaches or compliance violations.
• Prepare and distribute regular reports to management and stakeholders summarizing risk assessments, compliance status, and recommendations for improvement.
• Develop and deliver training programs to educate employees on governance, risk, and compliance matters, fostering a culture of awareness and accountability.
• Identify security requirements to bring a system into compliance.
• Participates and audit continuity of operations planning and disaster recovery programs.
• Participates in the implementation of the security awareness program.
• Promotes information security awareness and monitors compliance with enterprise information security policies.
• Performs other Governance, Risk, and Compliance, team duties as assigned or requested.

SECURITY AND PRIVACY DUTIES AND RESPONSIBILITIES

• Individuals working for DSS will be subject to security and privacy requirements as explained in HIPAA, FedRAMP, and NIST 800-53. Additionally, they are required to undergo specific FedRAMP training to ensure compliance with all associated controls and responsibilities in the day-to-day performance of their duties. Individuals working in departments that are considered to be in the high risk category will be required to undergo advanced training based on their role and level of access. Individuals with access to modify data and the configuration baseline will require further training.

The preceding functions are examples of the work performed by employees assigned to this job classification. Management reserves the right to add, modify, change or rescind work assignments and make a reasonable accommodation as needed.

QUALIFICATIONS:

Skills:

• Required:

• Detail-oriented with a commitment to maintaining the highest standards of integrity and ethics.
• Strong organizational skills and the ability to prioritize and manage multiple tasks efficiently.
• Strong interpersonal, team and communication skills
• Proven experience in governance, risk management, or compliance roles, preferably in a corporate setting.
• Ability to sense the importance or impact of issues and take appropriate actions.
• Ability to manage time and priorities effectively to achieve optimal results.
• Strong critical thinking, problem solving and root cause analysis skills.
• Ability to create effective procedure documents and workflow diagrams.
• Excellent verbal and written communication

• Desired:

• I Strong knowledge of regulatory frameworks, industry standards, and best practices related to GRC.
• In-depth understanding of computer security

Education:

• Required:

• Bachelor's degree in Business, Finance, Risk Management, or a related field preferred, equivalent combinations of work experience and\or education will be considered.

• Desired:
  • Master's degree or relevant certifications (e.g., CISA, CISSP, CRISC) is a plus.

Any additional training or advanced degree that supports the position.

Certification(s), Licenses:

• Required:

• Any applicable certifications or trainings that support the position.

• Desired:

• CISA, CRCM, CGEIT, CRISC, CCEP, CIPP, CISSP

Years of experience in a similar role:

• Required:

• 1+ years of experience in a similar role

• Desired:

• Any additional experience in a similar role

PHYSICAL DEMANDS:

Standing

10% per day

Sitting

75% per day

Walking

10% per day

Stooping

5% per day

Lifting

20lbs unassisted 10x per day (laptop etc.)

50lbs + unassisted up to 10% of the year while on travel (luggage, laptop, etc.)

Computer Work

50% per day

Telephone Work

25% per day

Reading

15% per day

Other -Meetings

Other - Travel

10 - 40% of the day via Teams

Travel requirements are negligible - however, unassisted t travel up to 10% of the year via common carrier and/or personal auto may be required

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you need an accommodation seeking employment with DSS, Inc., please email or call (561) 284-7373. Accommodations are made on a case-by-case basis.