Sr. IT Security Compliance Analyst

Company: Express
Location: Columbus, OH
Posted: April 16, 2024

Description:

Overview:

About Express, Inc.

Express, Inc. is a multi-brand fashion retailer whose portfolio includes Express, Bonobos and UpWest. The Company operates an omnichannel platform as well as physical and online stores. Grounded in a belief that style, quality and value should all be found in one place, Express is a brand with a purpose - We Create Confidence. We Inspire Self-Expression. - powered by a styling community. Bonobos is a menswear brand known for exceptional fit and an innovative retail model. UpWest is an apparel, accessories and home goods brand with a purpose to Provide Comfort for People & Planet.

The Company has over 530 Express retail and Express Factory Outlet stores in the United States and Puerto Rico, the (url removed) online store and the Express mobile app; over 60 Bonobos Guideshop locations and the (url removed) online store; and 13 UpWest retail stores and the (url removed) online store. Express, Inc. is traded on the NYSE under the symbol EXPR. For more information about our Company, please visit and for more information about our brands, please visit, or .

Responsibilities:

The IT Security Compliance Analyst role will be responsible for the Information Technology governance and compliance program within Express. This role primarily involves the day-to-day monitoring and execution of the required Payment Card Industry Data Security Standard (PCI-DSS) controls and the Sarbanes-Oxley internal information technology controls and processes that support financial reporting.

The analyst will also be the primary contact for the IT compliance program and the primary liaison between the Express IT department and the internal audit partners, and with external auditors as needed. These responsibilities include facilitating meetings and requests with the audit teams, reporting current risks and issues to management, and providing executive-level reporting on a periodic basis.

Serves as the Subject Matter Expert (SME) in all IT compliance activities, including, but not limited to, Sarbanes-Oxley, PCI-DSS, and privacy initiatives.

Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security.

Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.

Works within the information security governance process to define control recommendations that are both efficient and effective.

Manages the relationship with audit partners (internal and external). Receives audit findings, manages the collection of responses and remediation plans with owners, and provides status updates.

Prepares reports that document security incidents and the scope of the impact caused by each incident.

Performs risk assessments for new vendor engagements, validating inputs from the vendor questionnaires and evaluating risks to Express based on vendor responses.

Organizes and manages weekly IT change advisory board meetings.

Monitors and reports on compliance with security policies, as well as the enforcement of policies within the IT department.

Performs control assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends and tracks remedial actions.

REQUIRED EXPERIENCE & QUALIFICATIONS

Technical Bachelor’s Degree or 5-7 years’ equivalent experience required

This position requires strong organizational, technical and communication skills.

The ideal candidate for this position is very well versed in IT governance and compliance as demonstrated by a minimum of 5 years of experience working in IT audit, governance, and/or compliance roles.

Is familiar with and understands established information security best practice frameworks and other control frameworks (e.g., NIST 800-53, SANS Top 20, CIS CSS, NIST CSF).

CRITICAL SKILLS & ATTRIBUTES

Knowledge of best practices for security, including identity and access management, and data privacy compliance (PCI, Sarbanes-Oxley, CCPA, etc.).

Must possess a high level of initiative and self-motivation.

Strong organizational/time-management skills.

Willingness to learn new processes and technologies.

Demonstrates effective decision-making, problem-solving, analytical and communication skills.

Able to work independently and effective at building partnerships to facilitate the accomplishment of goals.

Effective at planning and leading meetings to accomplish stated goals and objectives.

Closing:

An equal opportunity employer, Express, Inc. does not discriminate in recruiting, hiring or any other terms and conditions of employment on the basis of any federal, state, or locally protected characteristic. Express, Inc. only hires individuals authorized for employment in the United States. Express, Inc. is committed to providing reasonable accommodation to individuals with disabilities. If you need an accommodation because of a disability to search and apply for a listed job position, please call (phone number removed) and say 'Associate Relations' or send an e-mail to and let us know the nature of your request and your contact information.

Notification to Agencies: Please note that Express, Inc. does not accept unsolicited resumes or calls from third-party recruiters or employment agencies. In the absence of a signed Master Service Agreement and approval from HR to submit resumes for a specific requisition, Express, Inc. will not consider or approve payment to any third parties for hires made.

Permanent
