ABOUT THE ROLEThis role will be responsible for assisting in the management of Bacardi's compliance programs relating to third-party risk management, security awareness training, audit support, policy management, data mapping, data privacy, data security, and other matters related to Bacardi's regulatory compliance requirements. The role will support the Cyber Security Compliance team by maintaining a Compliance Dashboard, ensuring that documentation is up to date, and ensuring performance metrics meet stated targets while working on special project activities as needed. This position will report to the Cyber Security Compliance Manager.ABOUT YOUThe Tech Compliance Analyst role plays an active part in implementing and managing information security compliance and privacy objectives.The role will be responsible for assisting in the management of Bacardi's compliance programs as it relates to identity access management, change management, third-party risk management, security awareness training, audit support, policy management, data mapping and privacy, data security and other matters related to Sarbanes-Oxley (SOX) General IT Controls, Payment Card Industry (PCI), General Data Protection Regulation (GDPR), and other regulatory compliance requirements.This role will also assist in the design and implementation for security technology solutions to support compliance needs and act as a trusted advisor for managing the risks and controls impacting Bacardi's security and regulatory compliance obligations (i.e., Third Party Vendor Risk Management, PCI, SOX, CCPA, etc).**Responsibilities**:- WITH OUR CONSUMER AT THE HEART YOUR KEY FOCUS WILL BE**Third Party / Vendor Risk Management**- Conducting due diligence of all prospective third party providers and partners- Tracking and monitoring all third-party entities (vendors, subcontractors, etc.) engaged with Bacardi on an ongoing basis- Conducting annual security reviews of all third parties engaged with Bacardi- Conducting internal third-party inventory and data mapping exercises associated with all third parties- Monitoring and enforcing Bacardi's standards with all third-parties**Regulatory Audit Support**- Tracking of remediation efforts in areas of non-compliance identified as a result of internal/external reviews and audits- Supporting any internal and external audits pertaining to Bacardi's Cyber Security Program and regulatory compliance requirements (SOX, GDPR, CCPA, PCI, etc.) to ensure all audits and/or risk assessments are completed effectively by providing appropriate evidence timely to audit staff- Performing and documenting internal audits and reviews of Bacardi Tech Security and Compliance programs as needed.**Tech Compliance Support**- Working with various IT and Functional areas as needed to proactively drive operational compliance with particular focus on security policies- Performing internal reviews of control procedures within the organization to help ensure responsible business units are adhering to policy and procedure expectations- Assisting with the design and implementation of identity and access management controls as needed- Assisting with the design and implementation of IT operational controls as needed- Overseeing, tracking, and scheduling all security patching on Enterprise infrastructure critical to business unit functionsSkills and Experience- CRITICAL EXPERIENCES FOR SUCCESS- To be successful in this role you will have:- 2 years experience in a supporting role on an IT Security/Compliance Team- Knowledge of common security compliance processes and frameworks- Extensive experience with audit related items and regulatory requirements (SOX, GDPR, etc.)- Excellent analytical and problem-solving skills- Excellent communications skills, both written and verbal- Technical knowledge - able to learn new tools and technical concepts quickly,- Ability to understand end-user security related priorities- Ability to adapt quickly to new technologies and changing security and business requirements- Ability to quickly troubleshoot security problems during operation of solutions- Ability to work with mínimal supervision- Ability to work closely with other key business stake holders to identify areas for improvement- Ability to manage and remediate incidents raised by the vulnerability management program- Proficiency in English- The following experiences and qualifications are recommended:- 5+ years' of Information Security and IT Risk experience with regulatory, internal audit and/or compliance testing, including the development of remediation activities or steps- An equivalent combination of education and/or experience may be substituted for the above requirements- Experience with development of General Controls and/or IT Compliance related standards- Working knowledge and exposure of IT Governance, Risk Management, and Compliance practices- Working knowledge and understanding of ISO 27001/2
