Enterprise Compliance Assessor
National General Insurance
Winston-Salem, North Carolina, United States
Job type: fulltime
Job industry: I.T. & Communications
Position/Title: Enterprise Compliance Assessor
Location: 100% Remote in North Carolina (must be within a few hours of Winston-Salem, NC)
Ensure that National General Policies and processes adhere to regulatory and legal compliance standards such as PCI, HIPAA, NY DFS, HITRUST and ISO Cybersecurity Frameworks. The Compliance Assessor will work with the other members of the team to enhance business practices and internal controls and performs other internal audit related activities to support the execution of the department's annual audit plan.
Essential Duties and Responsibilities:
- Works with Security Architects, Security Analysts, Security Administrators and other IT and business departments to review procedures and controls to meet IT compliance requirements
- Ensure enterprise-wide needs for due diligence, risk assessment, and constant vendor monitoring are being accomplished
- Develop regular reports on contract milestones, execution and risk, and inform internal customers, vendors, and management of activities and progress through regular written and verbal communication.
- Supports the planning and execution of controls audits related to HIPAA, PCI, NY DFS, MARS-E and other industry/regulatory requirements as well as common security frameworks such as NIST, ISO, and HITRUST
- Fieldwork/Execution: with appropriate supervision, interacts with all levels of management and performs testing (including walkthroughs), takes ownership to complete clear and well-organized audit work papers that appropriately document the work performed, uses root cause analysis for problem solving and communicates potential issues timely to supervisor.
- Evaluates risks of key control deficiencies and effectiveness of overall control framework, and ensure management has effective and timely control remediation plans.
- Reporting: Formulates appropriate conclusions regarding the adequacy of internal controls and procedures based on the audit work performed and knowledge of company operation, drafts well written, clear and concise audit report and participates in presenting the findings to the Enterprise Information Risk & Compliance management.
- Remediation: Monitors the implementation of corrective action plans with first and second lines of defense and presents updates to the findings to the Enterprise Information Risk & Compliance management.
- Other duties as assigned
Minimum Skills and Competencies:
- 5-7 years substantive experience as a Compliance Auditor with a licensed financial institution or a regulatory compliance examiner with a federal or state financial services regulator
- Bachelor's degree in Computer Science or Computer Information Systems or related or equivalent experience
- Demonstrated knowledge of HIPAA, PCI, SOX, ISO27000 and NIST Cybersecurity Frameworks
- Excellent communication and writing skills
- Demonstrated detailed oriented self-starter and the ability to work independently with limited supervision and limited direction, and in collaborative team environments
- A strong ability to multi-task and manage varying priorities and projects
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to a broad range of technical and non-technical staff
- The ability to provide support after normal business hours as needed
- Proficient in Microsoft Office (Word, Excel, Access and PowerPoint)
- Ability to travel, as needed
- CISSP, CISA, CISM, CCRISC, or CGEIT certifications
- Strong knowledge of cloud based technology and solutions
- Tripwire Enterprise, Tripwire IP360, Nessus, BeyondTrust Retina, Qradar, Trustwave TrustKeeper, Proofpoint, McAfee ePO/HBSS