Risk & Compliance Analyst

Purpose of Job:

The Risk & Compliance Analyst is an indirect customer-facing position, where the resource has ownership and is responsible for reviewing new and existing contracts form a risk, security, compliance perspective as they come in for review for sign-off before BlackBox enters a legal agreement with any other entity. The analysis required is for evaluating contents of the contract for IT Compliance to any global or local regulations and service expectations, Risks, business service expectations, security expectations and compliance keeping blackbox interests and capabilities in mind for delivery and adhering to defined business and IT service level expectations. The role will also be responsible for maintaining organization policies, coordinating external customer/vendor IT Audits, ensuring adherence to IT controls, and coordinating external customer/vendor audit & control remediation activities internally and externally. This position will take an advisory role in making sure data privacy and governance procedures contain the right level of controls and responsibilities to support risk and compliance oversight across the organization. A good understanding and experience / exposure to global industry standards, regulatory compliance requirements, data privacy laws, security standards etc. is required. Good written and spoken English essential for this position

Primary Roles & Responsibilities:

• Understand Blackbox Internal Business services and review proposed customer contracts for compliance, risks privacy, security and regulatory issues
• Coordinate external & Internal audits of the Blackbox IT environment and collate evidence submitted by technical team
• God understanding of security concepts, drivers of risk and mitigation control, BCP, DR, Risk Management 3rd party vendor Audits and Management, policies and procedure writing and evaluations, IT general and application controls
• Develop and maintain both continuous and spot check, autonomous and manual audit processes
• Educate users on IT controls processes and play an advisory role internally.
• Perform end to end contracts evaluation for risk, compliance, and security evaluations and expectations.
• Report on compliance results & metrics to executive teams
• Provide continual improvement objectives to better align to external requests
• Build a strong knowledge and understanding of systems and processes
• Assist in development of data governance processes and RACI
• Review and update internal corporate Policies based on Industry best practices and Regulatory requirements
• Understand and document Data workflows and lifecycles
• Establish Processes to improve the life cycle Management of Contracts
• Possess experience or good knowledge on IT controls mapping as per global standards.

Knowledge, Skills, Abilities:

• Strong familiarity with risk, compliance, and audit frameworks and the various ways they are applied in IT environments
• Understanding of Global data privacy and security regulations – like GDPR, CCPA etc. both at global and US state levels for data privacy laws and requirements.
• Ability to scope, assess, and revise contracts and suggest edits based on business drivers and compliance needs.
• Ability to find root causes of control failures and mitigate risks accordingly
• Ability to create and maintain policies, procedures and guidelines for the Company and maintain its lifecycle in SharePoint
• Ability to educate the company employees and respond to policy related queries.
• Ability to implement controls in a diverse technical and geographically distributed environment to mitigate risk
• Ability to convince a highly varied audience to follow prescribed controls
• Comfort with presenting progress reports and results to senior leadership
• Understanding of process design and compliance terminology
• Ability to write and speak clearly, consistently, and concisely
• Ability to Multitask responses to multiple Contracts and meet given deadlines
• Ability to be self-driven, Motivated with end-to-end ownership on contracts management
• Excellent Audit Life Cycle Management skills, Expert use of Excel sheet, Word document management, PPT, ability to track documents versions, evidence etc.
• Excellent written and verbal communication skills and English language command.

Education/Experience Requirements:

• BA business or information technology or equivalent experience.
• Minimum 5 years or more of prior experience in IT-GRC domain like IT risk, auditing, Contracts evaluation, Data privacy, compliance evaluation etc. strongly preferred.
• Knowledge of working with US & Global regulations and compliance requirements like HIPAA, PCIDSS, GDPR and US state level laws like CCPA etc.

Frameworks / Industry Standard & Regulations

• Data Privacy Laws like GDPR, CCPA,
• PCIDSS, SOC2, HIPAA
• Security and Assurance standards like NIST 800-53 controls, NIST CSF, CIS controls, ISO 27001 standards

Supervisory Responsibility:

This position may take on a leadership role of other employees & Teams in other teams to engage in responding to certain compliance and IT audits requirements

Certifications Desired / Preferred

• CISA and/or CRISC and/or CGEIT
• ISO 27001 L.A or CISM or CISSP – Desirable.

Notice Period