Compliance & Risk Analyst

1 Year ago • 6 Years + • Risk Management • $75,300 PA - $97,800 PA

Job Summary

Job Description

This position is responsible for owning and driving the third-party audits and certification program, streamlining internal processes and controls, and maintaining a high degree of quality. This includes full ownership of the SOC audit and ISO certification program, as well as other third-party audit/certifications of the organization's products, practices, and services. Responsibilities include implementing and managing new third-party audit and certification programs, coordinating and executing controls testing, managing exceptions and remediation, and partnering with internal control owners to assess control design and test effectiveness across the organization. The role also involves acting as a liaison to external auditors and internal control owners to facilitate audits such as SSAE 18 SOC 1, SOC 2, ISO certification, and other third-party certifications. The analyst will drive control optimization, automation, data analytics, and process improvements, ensuring continuous control evidence is collected and filed. Overseeing the ISO certifications process, assisting with customer-specific questions and communications regarding third-party certifications, and developing customer-facing materials related to security, compliance, and audit are also key functions. Collaboration with Compliance and Legal Departments on compliance issues and assistance with special projects and cross-team remediation tasks are expected. The ability to prioritize and manage multiple projects simultaneously and work effectively in a fast-paced team environment is essential.
Must have:
  • Bachelor’s Degree in Business Administration, Risk Management, Quality Assurance, or Business Performance
  • Six (6) plus years of experience in security assurance and trust frameworks
  • Experience designing and managing SOC controls
  • Experience designing and managing ISO quality programs
  • Knowledge of COSO and NIST Frameworks
  • Strong communication and interpersonal skills
  • Proficiency in Microsoft Office Packages
Good to have:
  • Working knowledge of major ERP systems (Workday, Jira, ServiceNow)

Job Details

Job Description:

This position is responsible for owning and driving the third-party audits and certification program and streamlining the internal processes and controls while maintaining a high degree of quality. This includes full ownership of the SOC audit and ISO certification program and other third-party audit/certifications of the organization's products, practices, and services.

ESSENTIAL JOB FUNCTIONS AND RESPONSIBILITIES:

  • Implements and manages new third party audit and certification programs, including the coordination, execution and monitoring of controls testing, exceptions and remediation
  • Partners with internal control owners and business areas to conduct walkthroughs, audit readiness exercises, assess control design, and test control operating effectiveness of processes across the organization
  • Acts as a liaison to the company’s external auditors and internal control owners to facilitate various internal audits/assessments such as SSAE 18 SOC 1, SOC 2, ISO certification and other third-party audit and certifications
  • Coordinates with business areas and internal control owners across the business to map controls to relevant standards, prioritize implementation, and ensure that control language is crafted so that it can be implemented in a way that will meet all necessary qualifications, standards and audits.
  • Drives control optimization and automation opportunities, data analytics and process improvements.
  • Ensures continuous control evidence is collected and filed for ongoing/future audit
  • Oversees the ISO certifications process for the organization, ensuring policies are designed and followed to meet the continuous ISO qualifications
  • Assists business areas with responses to customer specific questions and concerns.
  • Supports Customer discussions and communications regarding third party certifications
  • Ensures third party certification reports, bridge letters and other documentation are maintained and appropriately accessible.
  • Contributes to ongoing efforts to standardize and improve audit readiness testing techniques and program-level process/documentation.
  • Develops customer facing materials covering topics related to security, compliance, and audit to help customers manage their own audit efforts more effectively
  • Collaborates with the Compliance and Legal Departments on compliance issues
  • Assists with special projects such as operational audits and other department projects
  • Assists with cross team remediation project tasks
  • Prioritizes and manages multiple projects simultaneously and follows through on issues in a timely manner.
  • Participates in projects and performs other duties as assigned.

SUPERVISORY RESPONSIBILITIES:

  • N/A

KNOWLEDGE, SKILLS AND ABILITIES:

  • Knowledge of the COSO and NIST Frameworks.
  • Knowledge of reporting procedures and record keeping
  • Business acumen paired with a dedication to legality
  • Knowledge of and ability to create, implement, evaluate and enhance processes in internal controls.
  • Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process risks; ability to apply this knowledge appropriately to diverse situations.
  • Detailed knowledge of business workflows, excellent communication skills, and a highly adaptable approach
  • Identify and develop process strategies that meet and exceed client and stakeholder expectations
  • Ability to lead projects in such a way as to promote teamwork, effective collaboration, and high levels of employee engagement.
  • Superior organization, project management skills and attention to detail
  • High level of commitment to quality work product and organizational ethics, integrity, and compliance
  • Ability to work effectively in a fast-paced, team environment
  • Strong interpersonal skills and the ability to communicate effectively, both in writing and verbally
  • Demonstrated decision making and problem-solving skills
  • Detail-oriented with the ability to multi-task and meet deadlines with minimal supervision
  • Ability to manage projects and make decisions across multiple opportunities and/or priorities
  • Must be able to multitask and work under tight deadlines.
  • Excellent judgment and decision-making capability
  • Ability to work with little instruction on day-to-day work, general instructions on new assignments
  • Ability to network with senior internal and external personnel in own area of expertise
  • Must possess strong interpersonal, organizational, presentation and facilitation skills.
  • Proficiency in Microsoft Office Packages
  • Working knowledge of major ERP systems (Workday, Jira, ServiceNow) a plus.
  • Ability to apply professional concepts, experience and company objectives in order to perform an in-depth analysis of situations or data to resolve complex issues in creative ways

EDUCATION AND TRAINING:

  • Bachelor’s Degree (e.g. Business Administration, Risk Management, Quality Assurance, Business Performance)
  • Six (6) plus years of experience in security assurance and trust frameworks, including PCI DSS, ISO 2700X, NIST 800-53, and SOC Audit programs/ISO certification processes.
  • Experience with designing and managing SOC controls within an organization.
  • Experience with designing and managing an ISO quality program
  • Or equivalent combination of education and/or experience

Other Qualifications
The Winning Way behaviors that all Vertex employees need in order to meet the expectations of each other, our customers, and our partners.

Communicate with Clarity - Be clear, concise and actionable. Be relentlessly constructive. Seek and provide meaningful feedback.

Act with Urgency - Adopt an agile mentality - frequent iterations, improved speed, resilience. 80/20 rule – better is the enemy of done. Don’t spend hours when minutes are enough.

Work with Purpose - Exhibit a “We Can” mindset. Results outweigh effort. Everyone understands how their role contributes. Set aside personal objectives for team results.

Drive to Decision - Cut the swirl with defined deadlines and decision points. Be clear on individual accountability and decision authority. Guided by a commitment to and accountability for customer outcomes.

Own the Outcome - Defined milestones, commitments and intended results. Assess your work in context; if you’re unsure, ask. Demonstrate unwavering support for decisions.

COMMENTS:

The above statements are intended to describe the general nature and level of work being performed by individuals in this position. Other functions may be assigned, and management retains the right to add or change the duties at any time.

Pay Transparency Statement:

US Base Salary Range: $75,300.00 - $97,800.00

Base pay offered to new hires may vary based upon factors including relevant industry and job-related skills and experience, geographic location, and business needs.* The range displayed does not encompass the full potential of the role, which allows for further growth and career progression.

In addition, as a part of our total compensation package, this role may be eligible for the Vertex Bonus Plan (VOB), a role-specific sales commission/bonus, and/or equity grants.

Learn more about Life at Vertex and connect with your recruiter for more details regarding Vertex's compensation and benefit programs.

*In no case will your pay fall below applicable local minimum wage requirements.

About The Company

Vertex is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
