
IT Risk & Compliance Analyst III (PCI & FTC)

  • Internship
  • Marlborough (Wiltshire)

Job description



Discovery is at the core of everything we do – whether it’s a great value, incredible style, or building long-lasting partnerships with people around the world. That’s what makes TJX different. You can find it all across our brands: TJ Maxx, Marshalls, HomeGoods, Sierra, and Homesense. Every one of our brands has one thing in common: environments that are always changing. That’s just how we like it. Every day is an opportunity to discover something new about our business, our partnerships, and even about yourself. Come discover what different can mean for you.

 

 

This role is responsible for testing and monitoring IT controls specific to protections around customer data including credit card data as described below.

 

Major Duties & Responsibilities                    

·  Perform testing and monitoring of controls protecting customer data including credit card data
·  Perform analysis of control effectiveness and generate reports on a regular basis
·  Perform basic to complex control assessments to ensure compliance with internal policies, security standards and regulatory requirements.
·  Identify compliance risks and exposures, determine causes of violations, design, recommend and track procedures to mitigate future incidents.
·  Perform root cause analysis of moderately to highly complex compliance issues and determine the best course of action to remedy the problem
·  Plan and conduct meetings with control and process owners as well as other key stakeholders to discuss status and provide compliance guidance
·  Participate as the compliance SME in projects to provide compliance guidance for product development and implementations
·  May also participate in performing control monitoring for Sarbanes-Oxley controls
·  Participate in the creation and delivery of compliance training

 

Decision Making

·  Determines if an event needs to be escalated to management or outside of the unit
·  May recommend new policies and procedures to management and has wide latitude to decide on the best course of action for new procedures.
·  Recommends course of action for low to moderately complex situations.

 

Span of Control (i.e. Direct/Indirect reports)

·  May provide guidance and training to more junior associates

 

Scope of Responsibility (i.e. Financial impact)

·  May provide budgetary recommendations for future projects/security tools/applications

 

Skills/Knowledge

·  5 years of experience in an IT Security Compliance environment.
·  Strong experience with testing and monitoring; PCI DSS or ISO27002 experience important.
·  Strong aptitude for IT Risk and Compliance Concepts and methodologies and an understanding of applied security concepts and best practices.
·  IT Audit, IT Compliance or IT Risk Assessment background.
·  Strong technical or conceptual knowledge in the areas required for performing detailed compliance assessments (not all required), including but not limited to security architecture design, network security, system and data security, secure development, cloud/mobile security, DevSecOps, system integrations, threat analysis, etc.
·  Must have strong ability to identify and assess the severity and potential impact of compliance risks and to communicate findings clearly.
·  Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
·  Demonstrated ability to work independently in an organized manner.
·  Ability to assist in the development of risk and compliance management processes and workflows.
·  Must be adept at multi-tasking and skilled with operating in a fast-paced environment with shifting priorities.
·  Must have excellent communication skills and be comfortable communicating with all levels of the organization.
·  Qualifications for certification under the PCI SSC Internal Security Assessment (ISA) Program are preferred. Qualifications include PCI DSS knowledge, audit experience, technical knowledge and one of the following certifications (or equivalent): CISSP, CISA, CISM, PCIP.

 

Minimum Experience  

·  3-5 Years in IT Risk & Compliance environment or equivalent

 

Minimum Formal Education

·  Bachelor's Degree or equivalent experience
·  Relevant industry certification preferred

 

 

Discover Different at TJX means opportunity, teamwork, and career growth. That’s why working here is so much more than a job. When you’re a part of our TJX family, you have the full support of a diverse, close-knit group of people that work together to deliver the best value and style in the business. Our inventory is always changing and our approach is continually evolving, which means every day is another chance to Discover Different.

We care about our culture, but we also prioritize the tangible stuff – competitive pay, great benefits, and a great group of people.
                          
We consider all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status. We also provide reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.

 Posting Notes: Marlborough  || MA

Nearest Major Market: Boston
Job Segment: Risk Management, Compliance, Law, Product Development, Network Security, Finance, Legal, Research, Security
