Job Information
BlackBox Risk & Compliance Analyst in Bangalore, India
Purpose of Job:
The Risk & Compliance Analyst is an indirect customer facing position , where the resource has ownership and is responsible for reviewing new and existing contracts form a risk , security, compliance perspective as they come in for review for sign-off before BlackBox enters a legal agreement with any other entity. The analysis required is for evaluating contents of the contract for IT Compliance to any global or local regulations and service expectations, Risks, business service expectations, security expectations and compliance keeping BlackBox interests and capabilities in mind for delivery and adhering to defined business and IT service level expectations. The role will also be responsible for maintaining organization policies , coordinating external customer/vendor IT Audits, ensuring adherence to IT controls, and coordinating external customer/vendor audit & control remediation activities – internally and externally. This position will take an advisory role in making sure data privacy and governance procedures contain the right level of controls and responsibilities to support risk and compliance oversight across the organization. A good understanding and experience / exposure with global industry standards, regulatory compliance requirements, data privacy laws , security standards etc. is required.
Primary Roles & Responsibilities:
Understand Blackbox Internal Business services and review proposed customer contracts for compliance, risks and regulatory issues
Coordinate external & Internal audits of the Blackbox IT environment and collate evidence submitted by technical team
Develop and maintain both continuous and spot check, autonomous and manual audit processes
Educate users on IT controls processes and play an advisory role internally.
Perform end – to end contracts evaluation for risk , compliance , and security evaluations and expectations.
Report compliance results & metrics to executive teams
Provide continual improvement objectives to better align to external requests
Build a strong knowledge and understanding of systems and processes
Assist in development of data governance processes and RACI
Review and update internal corporate Policies based on Industry best practices and Regulatory requirements
Understand and document Data workflows and lifecycles
Establish Processes to improve the life cycle Management of Contracts
Possess experience or good knowledge on IT controls mapping as per global standards.
Knowledge, Skills, Abilities:
Strong familiarity with risk, compliance, and audit frameworks and the various ways they are applied in IT environments
Understanding of Global data privacy and security regulations – like GDPR, CCPA etc. both at global and US state levels for data privacy laws and requirements.
- Ability to scope, assess, and revise contracts and suggest edits based on business drivers and compliance needs.
Ability to find root cause of control failures and mitigate risks accordingly
Ability to create and maintain policies, procedures and guidelines for the Company and maintain its lifecycle in SharePoint
Ability to educate the company employees and respond to policy related queries.
Ability to implement controls in a diverse technical and geographically distributed environment to mitigate risk
Ability to convince a highly varied audience to follow prescribed controls
Comfort with presenting progress reports and results to senior leadership
Understanding of process design and compliance terminology
Ability to write and speak clearly, consistently, and concisely
Ability to Multitask responses to multiple Contracts and meet given deadlines
Ability to be self-driven, Motivated with end-to-end ownership on contracts management
Excellent Audit Life Cycle Management skills , Expert use of Excel sheet , Word document management , PPT, ability to track documents versions, evidences etc.
BA business or information technology or equivalent experience.
4-5+ years of prior experience in IT risk, auditing, Contracts evaluation, and/or compliance strongly preferred.
Knowledge of working with US & Global regulations and compliance requirements like HIPAA , PCIDSS , GDPR and US state level laws like CCPA etc.
Data Privacy Laws like GDPR, CCPA,
PCIDSS, SOC2, HIPAA
Security and Assurance standard like NIST 800-53 controls, NIST CSF, CIS controls , ISO 27001 standards
Supervisory Responsibility:
CISA and/or CRISC and/or CGEIT
ISO 27001 L.A or CISM or CISSP – Desirable.