Position Overview: The IT Compliance Analyst will be responsible for ensuring that activities in support of Global IT adherence to Payment Card Industry (PCI) standards, Sarbanes-Oxley (SOX), and other relevant regulatory requirements are carried out. The role will include responsibility for obtaining remediation status for audit findings (internal, external, management-reported), providing data and preparing reports of metrics and trends, and monitoring the performance of a variety of Global IT control activities. The IT Compliance Analyst will work under the direction and supervision of GIT Information Risk Management Atlanta-based leadership and will be engaged as needed to support other remediation-related projects and efforts at the discretion of leadership.
Function Specific Activities:
Key Responsibilities:
- Perform testing and documentation in support of annually required PCI compliance validations (several PCI DSS Self-Assessment Questionnaires including, but not limited to, types A, A-EP, B, B-IP, C, C-VT, and D). This testing will be performed under the high-level direction and supervision of the PCI Compliance Lead, with the analyst working and executing the testing steps independently and predominantly remotely.
- Manage receipt and tracking of evidence for ongoing PCI-related controls within relevant processes (semi-annual, quarterly and monthly activities across various areas of the business). Assess the adequacy of the evidence received and where necessary, work with relevant contacts to address quality gaps.
- Keep the inventory of payment card processes current by refreshing information on known processes and identifying new processes that have begun accepting payment cards. Conduct the annual PCI risk assessment and PCI Incident Response Plan refresh.
- Perform thorough and effective quarterly access reviews for domain users and privileged access within various applications and supporting infrastructure (SAP, Windows, Linux).
- Work with IT process narrative owners and Global Internal Controls to update process narratives for SOX certification twice yearly.
- Support SSAE18 (SOC1, SOC2) report governance efforts by coordinating receipt of reports and bridge letters from applicable IT service providers, validating vendor relationships, confirming effective performance of required complementary user entity controls, and tracking any findings to resolution.
- Monitor performance of Global IT control activities, including, but not limited to, quarterly user access reviews, revocation of access for terminations, review of 3rd party attestation reports, etc.
- Support and monitor other projects and efforts as assigned.
Education Requirements: Bachelor's degree in Business Administration, Information Technology, Management Information Systems, or other related discipline.
Related Work Experience: Minimum of 2-3 years' experience in IT audit (internal or external), IT risk management, IT compliance, or other related field. Experience with PCI compliance validation (SAQ, ROC) is required (minimum 1 year).
- Knowledge and understanding of information risk concepts and principles as a means of relating business needs and security controls.
- Knowledge of the PCI DSS, IT general controls and SOX principles.
- Basic knowledge in key areas of information security such as Vulnerability Management, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web Filtering, Advanced Threat Protection, and Cloud Security.
- Experience working with or auditing SAP preferred.
- CISA, CISSP, and/or PCI related certification preferred.
- Required travel: 10-25%.
Years of Experience: 2-3 years.
- DRIVE INNOVATION: Generate new or unique solutions and embrace new ideas that help sustain our business (encompassing everything from continuous improvement to new product and package innovation).
- COLLABORATE WITH SYSTEM, CUSTOMERS, AND OTHER STAKEHOLDERS: Develop and leverage relationships with stakeholders to appropriately stretch and impact the System (Company and Bottler).
- ACT LIKE AN OWNER: Deliver results, creating value for our Brands, our System, our customers, and key stakeholders.
- INSPIRE OTHERS: Inspire people to deliver our mission and 2020 Vision, demonstrate passion for the business and give people a reason to believe anything is possible.
- DEVELOP SELF AND OTHERS: Develop self and support others' development to achieve full potential.
- GROWTH MINDSET: Demonstrates curiosity. Welcomes failure as a learning opportunity.
- SMART RISK: Makes bold decisions/recommendations.
- EXTERNALLY FOCUSED: Understands the upstream and downstream implications of his/her work. Tracks and shares external trends, best practices or ideas.
- PERFORMANCE DRIVEN AND ACCOUNTABLE: Has high performance standards. Outperforms her/his peers.
- FAST/AGILE: Removes barriers to move faster. Experiments and adapts. Thrives under pressure and fast pace.
- EMPOWERED: Brings solutions instead of problems. Challenges the status quo. Has the courage to take an unpopular stance.