Full-time
IS Compliance Analyst - Vendor Risk Management - Costco Wholesale - Issaquah, WA

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2018, Costco contributed over $39 million to organizations such as United Way and Children's Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale, the second largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the top five of Forbes “America’s Best Employers”.

This individual will guide and promote all aspects of the analysis, communication, implementation and risk mitigation of internal controls relative to the mandates and regulatory requirements to which Costco is subject, domestically and internationally. They will work with other business and legal departments to define and set new corporate guidance in response to emerging standards and legislation. This individual will be required to anticipate regulatory impacts, promote company awareness, meet compliance deadlines, propose solutions to deficiencies, reach out in support of the business/operations, and communicate effectively at all levels. This includes: directing communication of policies, procedures and testing to maintain adherence to applicable standards and regulations; providing direction and guidance to IT and associated business areas for the resolution of identified weaknesses or deficiencies; engaging in compliance activities and establishing/meeting deadlines to ensure that due diligence in adherence to rules and regulations can always be substantiated; coordinating these efforts across regional and international Costco operations; engaging with vendors to ensure compliance per vendor risk.

If you want to be a part of one of the BEST “to work for” companies in the world, simply apply and let your career be reimagined.

ROLE

Maintains a strong understanding of current and upcoming regulatory requirements and their impact on compliance such as GDPR, CCPA, PCI, and HIPAA.
Conducts third-party risk assessments and generates findings and recommendations.
Collaborates with stakeholders to conduct vendor Privacy/PCI/HIPAA risk assessments.
Develops, manages, and executes plans to communicate findings to necessary stakeholders and vendors.
Collaborates with the business and vendor to develop and implement controls to mitigate all known deficiencies and minimize risks.
Works closely with IT Management, business, Legal and internal/external auditors to ensure successful follow-through and completion of compliance and mitigation activities.
Drives assigned tasks leveraging IT expertise or outside resources where needed.
Coordinates between external auditors and staff being audited if required.
Creates, updates, and maintains third-party risk management policies and standards.
Collaborates with business owners to rate vendors using the defined Vendor Risk Management methodology.

REQUIRED

A Bachelor’s degree in Computer Science or a minimum of 6 years of information systems security experience.
One or more professional security certifications such as ISA, HCISPP, CIPT, CIPP, CISSP or readiness to sit the examination.
Ability to interpret information security data and processes to identify potential compliance issues (SOX, HIPAA, PCI, GDPR).
Working knowledge of information systems security risk frameworks, standards, and practices.
Ability to quickly understand security systems in order to identify and validate risk exposure.
Strong familiarity with applicable privacy laws and regulations.
Thorough understanding of privacy laws, regulations, self-regulatory regimes, and industry best practices, including current and future trends.
Ability to communicate clearly and effectively with all levels of staff including executives, auditors, end users, and engineers.
Ability to work effectively, independent of assistance or supervision.
Innovative, creative, and extremely responsive with a strong sense of urgency.
Demonstrated mentoring skills (knowledge sharing and assisting others in understanding technical and business topics).

Required Documents

Cover Letter
Resume
