Chief Compliance Officer

Must have a solid understanding of compliance requirements that include PCI, HIPAA, SSAE16, and NIST.

The ideal candidate will have experience performing audits in PCI DSS and SSAE 16 frameworks.

The Compliance Officer should be able to participate in technical discussions with IT personnel and have the ability to quickly understand the FICO Technology environment, including network, OS and key applications.

Essential Functions

• Give accurate and timely counsel to executives on a variety of compliance topics including: Card Brand rules, underwriting, electronic security, physical security, PCI DSS, etc.
• Develop and maintain company policies and procedures needed to ensure compliance and communicate these policies and train staff.
• Work with both internal and external auditors to ensure compliance with all industry-mandated regulations.
• Manage compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures.
• Monitor activities of assigned IT areas to ensure compliance with internal policies and standards.
• Assist Corporate Compliance and the Business with all required compliance/security-related documentation.

  Ensure documentation is standardized, updated and organized.

• Participate in the development and implementation of new business initiatives involving security to ensure compliance with established policies.
• Provide guidance to business functions on compliance/security-related matters.
• Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
• Initiate improvement activity to reduce risk, ensure compliance, lower cost, and improve quality within IT processes.
• Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables.
• Refine and revise existing policies and procedures to support internal and external compliance
• Author new policies and procedures and ensure adequate training for adherence by employees.
• Support additional internal and external compliance activity as required.
• Regularly interact with all levels of management to present and discuss audit results and obtain gap remediation status 
• Perform periodic security risk assessments and advise business stakeholders on best practices to reduce risk and overall breach profile.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

Competencies

• Desired certifications: ACAMS, PCIP, ISA/QSA, CISSP, CISA, related GIAC.
• Strong Project management and interpersonal communication skills.
• Ability to persuade, convince, and influence others through collaboration.
• Ability to express medium complexity technical concepts in business terms.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Strong understanding and experience with ISO 27001 & PCI DSS.
• Experience in information security and auditing with increasing responsibilities.
• Excellent team skills with ability to develop and manage successful internal and external relationships.
• Excellent strategic planning and innovation skills.
• Excellent communication and presentation skills, in writing and in person.
• Expert in Anti Money Laundering / Bank Secrecy Act 

Education and Experience

• 10+ years in Security and Compliance
• Master’s degree in Business, Accounting/Finance, Law, or related field required. 
• Preferred: Certified Regulatory Compliance Manager (CRCM) or Certified Anti-Money Laundering Specialist (CAMS)