The Compliance Department is organized into two functional areas, each with a distinct role in carrying out the department’s mission in a highly regulated environment. This role will regularly interact with OCC’s IT and Security Services departments. The Senior Compliance Officer (IT & Security Services) will support the continued development and implementation of the IT and Security Services Compliance program, which includes: process (also policy and procedure) and control development, risk identification and mitigation, and supporting regulatory exams. The Senior Compliance Officer will also be responsible for recommending enhancements to the performance, integrity, and compliance of the organization’s processes. This role is highly focused on review of the organization’s compliance with applicable regulatory and legal rules and requirements (e.g., SEC, CFTC, Federal Reserve, etc.) as they relate to technology and information security.
Essential Duties and Responsibilities:
Contribute to the development, maintenance and continuous improvement of the Regulatory Framework including policies, procedures and controls
Act as an advisor in Security Services compliance matters
Assist Security Services in evaluating new products, key business initiatives, significant technology, and systems to ensure compliance with policy, laws, and regulations
Participate in or lead compliance programs, projects, system implementations, or OCC initiatives
Interpret policies, laws, and regulations and assist Security Services in determining applicability and implementation strategy
Advise and support Security Services in establishing and implementing policies and procedures
Provide guidance to Security Services on the development and implementation of effective remediation plans to address internal or external findings
Keep abreast of, and leverage, industry best practices/frameworks (e.g., NIST CSF, COBIT, ISO, Cloud Security, etc.) to drive compliance-related continuous improvements for IT and Security Services
Assist in the analysis of findings to identify themes and trends
Support other departmental activities and initiatives as required, including assessing compliance risks and supporting regulatory reporting, compliance reporting, etc.
Broad knowledge of applicable regulatory, legal rules and requirements (e.g., SEC, CFTC, Federal Reserve, etc.).
Proficiency with risk and control frameworks and process improvement frameworks, including for Cloud environments (e.g., COBIT, NIST CSF, COSO, ITIL, ISO 27001, ISO 9001, CMMI)
Familiarity with Systems Development Life Cycle (SDLC) process (Waterfall & Agile) and Secure Software Development Lifecycle
Comprehensive analytical, conceptual, and problem-solving skills.
Ability to work independently and as a member of a team, collaborating with internal business clients from different departments and at various levels of seniority.
Excellent organizational, written and oral communication skills.
Demonstrated ability to gather, analyze, and evaluate facts and prepare and present concise oral and written reports.
Proficiency with MS Office software, GRC tools and web-based reporting tools.
Proficiency with Cloud Computing Models, Risks and Cloud Control Environment (AWS etc.)
Experience with document management tools (e.g., DMS, PolicyTech) a plus
Education and/or Experience:
5+ years of experience in IT, Information Security, IT Compliance, IT Risk Management, or IT Audit related field required
Bachelor’s degree or equivalent required (Degree in Computer Science or related field a plus)
Certificates or Licenses:
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.
You will receive an email notification to confirm that we've received your application.
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.
OCC is an Equal Opportunity Employer