Compliance Specialist (Remote) at Zen Planner
Daxko powers health & wellness throughout the world. Every day our team members focus their passion and expertise in helping health & wellness facilities operate efficiently and engage their members.
Whether a neighborhood yoga studio, a national franchise with locations in every city, a YMCA or JCC--and every type of organization in between--we build solutions that make every aspect of running and being a member of a health and wellness organization easier and delightful.
Job Description
As a Compliance Specialist, you are responsible for working with internal teams to obtain an in-depth understanding of IT requirements in order to translate them into policies, procedures, standards, and work instructions. In this vital position, you will assist in ensuring company compliance for various applications, produce high-quality documentation that meets compliance regulations, risk and security standards, and provide technical and editorial document review and expert opinion on compliance and cyber/infrastructure security documents.
The Compliance Specialist reports to the Information Security Manager.
You will also:
- Write and/or edit technical documents, including policies, procedures, and work instructions. Develop outlines and drafts for review and approval by technical engineers, developers, and compliance management ensuring that final documents meet applicable technical industry and compliance standards.
- Translate IT application/technical process information into user-friendly content.
- Provide expertise in the creation, implementation, and maintenance of appropriate policies and procedures to be compliant with applicable technology, regulatory, and compliance requirements including PCI-DSS, PA-DSS, SSAE 18 (SOC 1 Type II), SOC 2, GDPR, and HIPAA.
- Understand IT compliance control gaps and oversee the documentation of the entire IT compliance control portfolio.
- Assist in the policy lifecycle by monitoring changes to the standards and regulatory landscape as it pertains to the organization.
- Consult relevant regulatory information sources, resources, and technical documents to obtain background information, and verify that pertinent guidelines and regulations governing technical documentation deliverables are applied.
- Manage the tracking, monitoring, and document control of technical documents.
- Provide risk analysis and work to ensure proper results are documented as necessary.
- Assist in compliance audits working with qualified security assessors, developers, and system engineers.
- Make recommendations to management at all levels to ensure that appropriate levels of compliance are maintained.
- Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
- Continuously promote security awareness and look for ways to block security threats when identified.
- Three (3) or more years of experience in the compliance governance, risk, or cybersecurity field.
- Three (3+) years of experience in an IT technical support, system administration, computer systems, or network maintenance position is required.
- Two (2) or more years of experience with the development and/or updating of cybersecurity compliance-related policies, processes, or standards.
- Bachelor’s degree in Technical Writing, English, Computer Science or Business Administration or equivalent combination of education and experience.
- Experience with principles and technology, including access/control, authorization, identification and authentication, public key infrastructure, network, and cloud security architecture.
- Experience organizing workgroups for cross-functional projects required.
- Experience in planning, organizing, and developing information technology policies, procedures, and practices.
- Experience using Atlassian Confluence and JIRA.
- Must have excellent technical writing skills, with experience delivering documentation to both technical and non-technical audiences.
- Must have excellent organizational skills, specifically ensuring consistency in documentation.
- Ability to understand and interpret laws and regulatory requirements related to information protection to develop and implement appropriate processes keeping the Company in compliance.
- Ability to analyze risks and recommend appropriate controls to reduce or mitigate the risks.
- Knowledge of published security standards (NIST, TSA, CIS, COBIT, HIPAA, PCI, ISO, California Consumer Privacy Act)
- Demonstrated understanding of data processing, hardware platforms, operating systems, databases, and enterprise software applications.
- Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive, and legal staff as well as external personnel, including auditors and customers.
- Proven ability to effectively manage competing priorities while meeting deadlines including compliance requirements with violations associated with non-compliance.
Bonus points for:
- Security and compliance certifications
- Project management experience
Daxko is dedicated to pursuing and hiring a diverse workforce. We are committed to diversity in the broadest sense, including thought and perspective, age, ability, nationality, ethnicity, orientation, and gender. The skills, perspectives, ideas, and experiences of all of our team members contribute to the vitality and success of our purpose and values.
We truly care for our team members, and this is reflected through our offices, benefits, and great perks. Some of our favorites include:
- Flexible paid time off
- Affordable health insurance options
- Monthly fitness reimbursement
- 401(k) matching
- Casual work environment
- Plenty of free food and caffeine
All your information will be kept confidential according to EEO guidelines.