Compliance Analyst

Compliance Analyst
Richfield, MN (Hybrid)

Tell us about your department:

Enterprise Information Protection's mission is to identify, protect against, detect, and respond to information security threats across all entities and subsidiaries, reasonably mitigating risks to the confidentiality, integrity, and availability of information and information resources. EIP's core guiding principle is to proactively identify and prevent risk as a first priority while always being well prepared to detect, respond, and recover effectively from a security incident.

Within EIP, the Compliance and Network Security Team is responsible for maintaining Sarbanes-Oxley, HIPAA, PCI, HITRUST, SOC, and other legal, regulatory, and contractual cyber security obligations.

Project Description:

Compliance Program Operation - assist in the execution of cybersecurity compliance controls.

Position Summary/Job Description:

EIP executes on-going, annual, and quarterly tasks to maintain compliance with SOX, HIPAA, and PCI. This role will be responsible for performing controls and most of these controls have defined procedures that involve extracting data, analyzing it, and validating it to meet compliance requirements. For example:

1) extracting the list of users with administrative access to a specific application or database, analyzing it to ensure it is appropriate, ticketing IT teams to remediate inappropriate access; and

2) extracting configuration data from a system and comparing it to a documented baseline. In both cases, the process needs to be formally documented, validated and entered in our GRC tool (Archer), which is then reviewed by internal and external auditors.

Skills Overview:

• Organization
• MS Office (e.g., Excel, Word)
• Communication
• Critical Thinking
• Data Analysis
• Experience with Excel and teams is required

#DICE
kgohmann@c4techservices.com
cclausen@c4techservices.com

---