Sr. Compliance Analyst - IT/ Security GRC

Information Service Technology

Job Description

This position is responsible for implementing and managing compliance processes that strengthen the IT control environment, based on industry frameworks and standards. The individual will play a strategic role in all internal and external audits in order to address and mitigate audit risks.



1. Controls Design Assessment / Testing

  • Execute targeted testing and/or control reviews, including gathering the data and documentation needed to conduct capability maturity model assessments of the design and operating effectiveness of cyber security controls.
  • Analyze data and processes from multiple sources and identify control weaknesses and potential compliance risk.
  • Produce high-quality documentation of test results.
  • Partner with business owners on remediation plans.
  • Communicate testing results as well as remediation plans to the business stakeholders.
  • Track remediation efforts through completion.
  • Provide reporting on maturity assessment of each domain to Senior Management.
  • Support the IST Risk Management team on overall risk assessments.

2. Payment Card Industry (PCI) Compliance

  • Coordinate with all business units and departments to obtain and validate all evidence required for PCI DSS compliance and assessments.
  • Organize and validate the collection of compliance evidence to identify any potential gaps.
  • Facilitate annual penetration testing within the PCI environment.
  • Partner with the business and the AppSec team to monitor the remediation efforts that address findings from the penetration test.
  • Analyze new PCI DSS compliance requirements for their impact on existing or new business needs.
  • Obtain the PCI ISA (Internal Security Assessor) certification.

3. Audit Facilitation

  • Serve as a point of contact and liaison with internal and external auditors.
  • Gather audit recommendations for the various teams within Security and GRC, and provide responses on follow-up items.
  • Monitor open audit items to ensure completion of remediation activities.
  • Perform other ad hoc reviews per audit requests.

4. Governance Risk and Compliance (GRC) Platform Configuration / Support

  • Provide support in the development of the GRC platform.
  • Streamline and document processes.
  • Explore opportunities to automate activities associated with IT GRC.

5. Miscellaneous

  • Assist in vulnerability reporting as well as remediation efforts.
  • Provide support and backup in other areas as needed, e.g., Incident Response, policy exceptions, Data Classification, and other tasks related to IT Governance, Risk and Compliance.
  • Stay abreast of regulatory changes (including, but not limited to, data privacy regulations), new laws and industry best practices that are relevant to the Mary Kay business.
  • Work and contribute to a team-oriented and collaborative environment to further improve existing processes.
  • Perform other duties and responsibilities as assigned.


Skills & Experience

Education:  Bachelor’s degree (B.A.) from a four-year college or university, preferably in one of the following areas:

  • Management Information Systems, Computer Science, or other related field
  • A Master's degree will be considered as one year of work experience.
  • Obtain or possess one of the following certifications within one year:
      • Certified Information Systems Auditor (CISA)
      • Certified in Risk and Information Systems Control (CRISC)

Experience:  4+ years in IT audit, IT compliance or other related field.

Additional Skills & Abilities:

  • Self-motivated; displays professionalism and integrity
  • Demonstrated ability to multi-task, respond to needs quickly and efficiently, and prioritize work with strong attention to detail
  • Excellent analytical, technical and problem-solving skills
  • Excellent written and verbal communication skills
  • Must have strong organizational, interpersonal, and time management skills to be able to work independently and communicate with all levels of employees within the Company, including executive management
  • Ability to independently think through issues and propose resolutions

Technical Skills:

  • Experience with assessing and designing internal controls
  • Experience in testing, evaluating and documenting IT controls and compliance requirements in more complex environments and/or higher-risk areas. Experience with IT testing domains including logical access, change management, IT operations, and application development
  • In-depth knowledge of a wide range of compliance and technology regulations and frameworks (ISO 27001/27002, COBIT, NIST CSF/800-53, PCI DSS, GDPR, CCPA, etc.)
  • Strong experience with MS Office tools, and proficiency in the use of spreadsheets, word processing and other software packages, is required
  • Experience with the OneTrust GRC platform or other GRC applications preferred
  • Ability to research industry compliance regulations and requirements



Company Overview

Looking for a career where you can make a difference?

At Mary Kay we are committed to enriching the lives of women and their families around the world, and we offer careers with unlimited opportunities to do something beautiful every day. More than 5,000 employees work in locations around the world. They provide the products, marketing and other support to millions of Independent Beauty Consultants (IBCs) who work as independent contractors, selling our products directly to consumers in nearly 40 markets on five continents.

We are a company that believes in our people and cares for them with truly exceptional benefits. We offer:

  • A comprehensive health plan which includes medical, dental, and vision with low premiums
  • 401(k) plan
  • A generous profit-sharing program
  • Free access to on-site fitness center and on-site clinic


Dallas, Texas - The Mary Kay Building (TMKB)