Senior Cyber Security Risk and Compliance Analyst

Company Description

Epsilon is the leader in outcome-based marketing. We enable marketing that's built on proof, not promises. Through Epsilon PeopleCloud, the marketing platform for personalizing consumer journeys with performance transparency, Epsilon helps marketers anticipate, activate and prove measurable business outcomes. Powered by CORE ID®, the most accurate and stable identity management platform representing 200+ million people, Epsilon's award-winning data and technology is rooted in privacy by design and underpinned by powerful AI. With more than 50 years of experience in personalization and performance working with the world's top brands, agencies and publishers, Epsilon is a trusted partner leading CRM, digital media, loyalty and email programs. Positioned at the core of Publicis Groupe, Epsilon is a global company with over 8,000 employees in over 40 offices around the world. For more information, visit epsilon.com. Follow us on Twitter at @EpsilonMktg.

Overview

Will be responsible for managing the Organization's SOC 1; 2 & 3 audits' preparatory processes and overseeing related activities, which includes managing a body of testing pertaining to the company's internal and IT controls Act as a Trusted Security Advisor to the organization, identifying gaps in the environment, providing recommended solutions and evaluating them for adequacy Facilitate external audits, including SOC 1, 2, 3 and compliance requirements such as HIPAA, PCI, ISO 27001, etc. Manage the submission of risk acceptance requests, including review of request, analysis, scoring, development of mitigating controls and review for renewal Perform security risk evaluations, including identification of key controls, drafting audit program and executing the evaluation Will need to provide input to improve operational efficiency and / or to enhance the design or operating effectiveness of the internal control environment Oversees all audit activities relating to SOC 1; 2 & 3 audits ensuring work and deliverables in accordance with agreed upon timeframes and departmental procedures, standards and protocols Partners cross-functionally, inter-departmentally and with the external auditor to understand the process from an end-to-end perspective and appropriately and effectively communicates with these partners to understand the status for the corporation as a whole Provides technical expertise to direct reports, department and internal partners, and includes assessing training needs and providing training for the department Ensures frequent communication of test and / or audit results and analysis on a timely basis to the appropriate stakeholders and senior management within the audit department Participates in meetings with business unit to discuss test and / or audit scoping, testing progress and results Interacts and partners with senior management to understand the risks within the business, business changes and other significant events that could significantly impact the business and / or the audit plan Communicates with regulators, external auditors and various risk management committees within the corporation as part of ongoing continuous monitoring which assists in managing the audit plan

Qualifications

Overall experience of 5 - 10 years but minimum of 2 - 3 years in handling SOC audits Understanding of compliance frameworks such as PCI, ISO 27001, AICPA Trust Services Criteria, HIPAA, etc. Audit firm / Big 4 experience preferred Able to coordinate with other departments regarding various external audits and other security-related matters Ability to review, assess and evaluate security risk Ability to project manage, aligning to audit timelines and developing milestones Strong leadership, analytical and organizational skills are needed Strong project management skills Strong communication (both verbal and written) skills