Lead Compliance Analyst

OUR COMPANY:- Integon Service Co. supports its insurance company affiliates, which offer property and casualty insurance products, including personal auto, homeowners, RV, motorcycle, small business auto insurance and more.- With our Mexico headquarters located in Tijuana, Baja California, at Integon, with over 1000 employees, we continue to grow our portfolio of remote positions that can be filled anywhere in the country. We offer the stability of a large corporation with the flexibility of a remote or hybrid career.- We continue to build a caring and inclusive company culture and are proud to be certified as a Great Place to Work- WHAT WE OFFER AS A GREAT PLACE TO WORK:- Highly competitive compensation and benefits package- Paid Time Off (PTO) additional to your vacation days- Career development and growth opportunities- Full access to our wellness center and wellness initiatives- Being part of an international organization with high exposure to multiple teams across North AmericaPrimary Purpose:- The Lead Compliance Analyst is a senior level position responsible for ensuring that National General Policies and processes adhere to regulatory and legal compliance standards such as PCI, SOX, HIPAA, and ISO Cybersecurity Frameworks. The Compliance Analyst will work with the other members of the team to enhance business practices, internal controls and perform other review-related activities to support the execution of the department's annual assessment plan.- Essential Duties and Responsibilities:- Works with Security Architects, Security Analysts, Security Administrators and other IT and business departments to enhance/develop and review procedures and controls to meet PCI compliance requirements- Supports the planning and execution of control assessments related to PCI and other industry/regulatory requirements as well as common security frameworks such as NIST, ISO, and HITRUST- Collect and document business requirements for process identification/improvement/automation efforts- Contributes to the development of process improvements- Applies knowledge of key regulations to influence assessment scope- Fieldwork/Execution: with limited supervision, performs testing (including walkthroughs), takes ownership to complete clear and well-organized assessment papers that appropriately document the work performed, uses root cause analysis for problem solving and communicates potential issues timely to supervisor- Evaluates risks of key control deficiencies and effectiveness of overall control framework, and ensure management has effective and timely control remediation plans- Reporting: Formulates appropriate conclusions regarding the adequacy of internal controls and procedures based on the assessment work performed and knowledge of company operation; drafts well written, clear and concise finding reports and participates in presenting the findings to the Enterprise Risk & Compliance management- Remediation: Monitors the implementation of corrective action plans with first and second lines of defense and presents updates to the findings to the Enterprise Information Risk & Compliance management- Conducts assessments of controls while documenting remediation items and working with vendors until items have reached a satisfactory level of risk- Other duties as assigned- Minimum Skills and Competencies:- 8-10 years substantive experience as a Compliance Assessor or Auditor with a licensed financial institution or a regulatory compliance examiner with a federal or state financial services regulator- Bachelor’s degree in Computer Science or Computer Information Systems or related or equivalent experience- 5-10 years substantive experience with PCI compliance; assessing controls, collecting artifacts, completing CCWs and working closely with QSAs- Demonstrated knowledge of PCI, HIPAA, SOX, ISO27000 and NIST Cybersecurity Frameworks- Demonstrated understanding of the current PCI DSS and how it applies to a large, complex organization accepting payment via multiple channels and technologies- 5-10 years experience with infrastructure technologies including platforms, firewalls, routers, switches, virtualization and databases- Demonstrated detailed oriented self-starter and the ability to work independently with limited supervision and limited direction, and in collaborative team environments- A strong ability to multi-task and manage varying priorities and projects- Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to a broad range of technical and non-technical staffDesired Skills:- QSA, ISA, PCIP, CCNA, CCNP, CIA, CISSP, CISA, CISM, CCRISC, or CGEIT certifications- Stream, Archer, CyberArk, Fortify, Qualys, Rapid7, BeyondTrust Retina, Qradar, Trustwave TrustKeeper, Proofpoint, McAfee ePO/HBSS, VMWare, Palo Alto- Knowledge of SQL & Oracle dB’sLI-LS4Integon, a Great Place to Wor