Risk Analyst

Company Description

DIRECTV is one of the world's leading providers of digital television entertainment services delivering a premium video experience through state-of-the-art technology, unmatched programming, and industry leading customer service to more than 32 million customers in the U.S. and Latin America.

Job Description

The Compliance Assessor of IT Risk & Compliance Management performs Security Risk Assessments on DIRECTV’s 3rd party vendors. 

An assessment would typically involve the following tasks:

• Communicating with and interviewing vendors and internal business groups

• Obtaining and reviewing supporting documentation

• Performing on-site assessments (where necessary)

• Documenting vendor’s data security controls

• Summarizing the adequacy of security controls

• Outlining gaps & remediation steps

• Providing recommendations

• Capturing assessment results in centralized repository 
Other responsibilities include:
• Assisting in the upkeep of governance, risk and compliance (GRC) software applications

• Interacting with team members and department/division personnel on other GRC related tasks

• Documenting data and process flows (e.g. data flow diagrams / swim-lane diagrams)

• Cataloging, tracking and reporting the status of other risk assessments and resolution actions

• Managing several GRC related tasks simultaneously without a great deal of direction or oversight

• Evaluating internal compliance with standards and regulations such as PCI DSS

• Proposing practical risk mitigations based on cost, benefit and risk

Qualifications

• Should have a minimum of 1-2 years of experience working with IT compliance and/or security audits

• Should have experience with Governance, Risk & Compliance Programs

• Should have an understanding of the Payment Card Industry Data Security Standard (PCI DSS) and other compliance frameworks (e.g. ISO 27001)

• Should have experience with vendor management audits and/or SAS 70/SSAE 16 type audits

• Should be able to communicate complex topics effectively to both technical and non-technical personnel

• Should have experience in reviewing policies & procedures and security controls

• Big 4 consulting experience is considered an advantage


Additional Information

Certifications (preferred, but not required):

• PCI Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)

This opportunity is a long-term contract.