The Compliance Officer will oversee and review all legal technology issues across the organization and provide objective assessments of the company’s compliance with legislation governing the organization’s information technology systems and industry-specific regulations. The Compliance Officer will also direct the development and implementation of policies and procedures to ensure that the organization’s information technology and corporate practices remain observant of all pertinent laws and standards (state, province, country, federal laws) and escalate areas of risk/exposure for remediation as required.
This position reports to the General Manager, Shared Services.
- Guide the senior management team in governance processes of the organization’s infrastructure strategies for legal compliance, including but not limited to PCI, ISO, and COPC standards
- Spearhead a cross-functional compliance program to achieve legal obligations and business goals by prioritizing initiatives and assessing the evaluation, deployment, and management of current and future infrastructure policies and technologies
- Implement and maintain an effective compliance communication program for the organization, including promoting change management protocol; awareness of IT and PCI Security Standards; and education on new and existing compliance issues and related policies and procedures
- Audit existing compliance practices across the organization; isolate potential risks or liabilities and develop mitigation plans
- Develop and communicate policies, procedures, and plans to executive team, staff, partners, customers, and stakeholders regarding technology- and industry-specific compliance standards and laws
- Work closely with the IT department to develop and coordinate a compliance schedule tailored to the applicable regulations
- Devise and implement compliance monitoring of all business partners, associates, vendors, and service providers to ensure that legal/compliance obligations are adhered to
- Develop and implement a system for tracking, documenting, and investigating information security incidents/complaints (internal or external)
- Prepare and deliver, or coordinate delivery of, compliance training and awareness to all staff members, contractors, interns, and consultants
- Maintain a strong awareness of legislative changes or amendments in order to ensure ongoing and future compliance; conduct yearly audits
- Advise, counsel, and educate executive and management teams on the relative importance and financial impact of non-compliance; recommend/coordinate changes where necessary
- Advocate the company’s information compliance policies via regular written and in-person communications with company executives, department heads, and staff
- Work closely with IT department on corporate technology development to fully secure information and information-processing/gathering systems
- Identify potential areas of compliance vulnerability and risk; develop/implement corrective action plans for resolution of problematic issues, and provide general guidance on how to avoid or deal with similar situations in the future
- Ensure that information security measures and equipment adhere to all applicable laws and regulations
- Develop and maintain Business Continuity plans (BCP) and oversee testing plans
The above statements describe the general nature and level of work being performed. This is not intended to be an exhaustive list of all responsibilities and duties required.
- University degree in the field of Computer Science, Information Technology or Business Administration; or equivalent combination of education and experience
- 3 years’ experience working in the Contact Center Industry in an Information Technology related field
- 2 years’ experience managing compliance and security protocol within a medium to large scale operation
- Certification(s) in PCI, ISO, ISSP, GIAC, COPC, Information Technology, or extensive working knowledge of these standards considered an asset
- Working knowledge of the MS Office product suite
- Proven experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities
- Experience planning, organizing, and developing information technology policies, procedures, and practices
- Direct experience and knowledge of local and federal information technology laws, including the security framework of the Payment Card Industry Data Security Standards, ISO
- Strong communication skills (both written and oral), particularly with government/legal agencies
- Demonstrated ability to apply solid IT strategies in solving compliance issues
- Excellent working knowledge of technology environments, including information security, encryption methods, and privacy-based solutions
- General knowledge of business theory, business processes, management, budgeting, and business office operations
- Well-developed knowledge of data processing, hardware platforms, enterprise software applications, and outsourced systems, including card payment processing, call recording, encryption methodologies (disk, file, and key management), and user account management, file systems, etc.
- Solid understanding of computer systems and integration capabilities
- Excellent understanding of project management principles with experience planning and executing IT project implementations end to end
- Proven success in strategic planning, risk management, and change management
- Ability to set and manage priorities judiciously
- Ability to present ideas in business-friendly and user-friendly language
- Self-motivated, with the ability to work well independently and in a team environment
- Superior analytical, evaluative, and problem-solving abilities, with detail orientation
- Highly articulate, with the ability to motivate, influence, persuade, and negotiate in a collaborative environment and mediate through conflict to achieve a common goal
- Able to work in a 24-hours-a-day, 365-days-per-year environment
- Satisfactory Criminal Record Check required (Credit check may also apply)
Application: If you are interested in applying for this position, please do so by emailing your resume and cover letter to Shawna Smith at firstname.lastname@example.org.
Deadline to apply is April 6, 2017.