Compliance Analyst

Role and Responsibilities

The Compliance Analyst reports to the Compliance Manager and will assist in the production, implementation and development of systems, processes and procedures by which the Company can demonstrate compliance to required internal policies and external standards, legislation and regulations ISO27001, PCI and SOC 1 & 2 and HiTrust

The Compliance Analyst will be familiar with and be able to provide evaluated responses to inquiries and assessments related to information security standards (e.g. PCI: DSS, ISO27001, SOC1 and SOC 2, HiTrust) and processes from internal stakeholders and both potential and existing clients.

They will also be required to Client and Vendor contracts for Security related clauses that may need changing.

The role does not have any direct reports but will be required to communicate with at all levels within the company for the provision of updates and communication of issues and resolutions and project plans, External contacts may include - Clients, Certification bodies and Industry Associations, External Auditors, and Affiliated Teleperformance organizations.

Overview of area of responsibility. To assist in the governance of external assurance and compliance.

**Responsibilities also include**:
Review of Statements of Work, Master Service Agreements, and other contracts for security obligations and identify areas of exposure

Provide evaluated response to security questionnaires, RFI and RFPs

Communicate requirements, areas to be audited and type of audit required, Changes/Updates etc.

Detailed awareness of existing policies, processes and procedures

Collect/Locate evidence for completion of external certification and regulatory audit (ISO27001, PCI, SOC, HIPAA etc.)

Review and assess submitted evidence

Identify risks and regulatory compliance gaps

Assist in the lifecycle of project and action plans, ensuring responsibilities and deadlines for actions are assigned

Immediately escalate serious gaps in compliance

Create and maintain documentation.

Works with global security team in the creation of policies, procedures, or guidelines to ensure the security and privacy of information and computer systems for Teleperformance.

Stay informed about legal and regulatory requirements and ensure that applicable requirements are appropriately addressed.

Completes all special projects and other duties as assigned

**Qualifications and Education Requirements**

The successful applicant must be able to obtain UK Government BPSS clearance and will be required to be a resident of the UK.

A Bachelor's degree or the equivalent combination of education, technical training or work/military experience.

3-5 years of experienced with regulatory requirements including but not limited to PCI-DSS, ISO2700, SOC, HIPAA, etc.

Knowledge and Work experience in Compliance and Audit, Risk Management or related fields such as Audit, IT Security, Security Compliance, however other IT disciplines are eligible

Technical knowledge to understand detailed issues around security, and overall risk in IT. Able to have enough expertise to drive a solution and solve issues, addressing risk.

A self-starter with a high degree of confidence, and a conviction and ability to be able to gain the confidence and respect of the others, soliciting their ideas and suggestions.

Very good in communicating information security related concepts to a broad range of technical and non-technical staff including internal and external stake holders.

**Preferred Skills and experience**

Experience of managing ISO 27001, PCI, SOC or HiTrust/HIPAA compliance

Experience of working within BPO industry preferable

Experience of working within Information Security Compliance

Experience of conducting internal audits