Compliance Manager

ROLE OVERVIEW

This role will involve working closely with IT, Human Resources, security, and business teams to ensure that our practices meet the highest standards of regulatory compliance.

1. Compliance Audits and Monitoring:

• Conduct internal audits to assess the organization’s compliance with PCI DSS and BCP.
• Perform periodic risk assessments and gap analysis to identify and address compliance issues proactively.
• Ensure that all compliance programs are up-to-date and align with industry standards and regulatory requirements.

1. PCI DSS Compliance Oversight:

• Oversee the implementation and maintenance of PCI DSS controls and processes.
• Manage the preparation, execution, and documentation of PCI DSS assessments and audits.
• Work closely with IT and security teams to ensure that proper encryption, access controls, and secure payment practices are in place.

1. Business Continuity and Disaster Recovery (BCP):

• Manage the development, implementation, and testing of Business Continuity Plans (BCP) and Disaster Recovery (DR) plans.
• Ensure that the company is prepared for operational disruptions and maintain up-to-date records of BCP tests and drills.
• Work with senior leadership to identify and mitigate potential risks that could affect business continuity.

1. Training and Awareness:

• Develop and deliver training programs to employees on compliance-related topics, including PCI DSS and BCP.
• Raise awareness on the importance of compliance and data security throughout the organization.
• Stay updated on evolving industry standards and regulatory changes to ensure the organization remains compliant.

1. Reporting and Documentation:

• Prepare regular reports for senior management, highlighting compliance status, audit findings, and areas of improvement.
• Document compliance activities, audit results, and corrective actions taken in accordance with regulatory standards.
• Track and report on compliance KPIs and metrics.

1. Collaboration and Stakeholder Management:

• Act as the primary point of contact for internal and external stakeholders regarding compliance matters.
• Collaborate with external auditors and regulatory bodies as needed.
• Foster a culture of continuous improvement by recommending enhancements to compliance processes and systems.

• CISM (Certified Information Security Manager), PCI Professional, SOC 2, or similar certifications are highly desirable.
• Proven experience (2+ years) in compliance management, specifically with PCI DSS, SOC 2 Type 2 and BCP.
• Strong understanding of regulatory frameworks and industry standards.
• Experience with audit methodologies and internal control frameworks.
• Strong analytical, problem-solving, and risk management skills.
• Excellent communication and interpersonal skills with the ability to interact with all levels of the organization.
• Knowledge of data privacy laws and IT security best practices.