Sr Analyst, IT Risk & Compliance

Neiman Marcus
Irving, Texas, United States
03 May 2022
28 Jul 2022
Neiman Marcus Group (NMG) is looking for a dynamic, motivated, creative, self-starter with excellent interpersonal skills to be part of the Neiman Marcus risk and compliance team.

The Senior Compliance Analyst will be responsible for ensuring compliance with regulatory and industry mandates such as SOX, PCI, GDPR, and CCPA as they pertain to the information technology components of the company. The role will primarily be responsible for the development and governance of NMG's privacy compliance program. The day-to-day aspects of the role will include performing scoping, identifying critical controls, implementing controls, conducting regular review exercises, documenting the artifacts and the evidence, and partnering with auditors, legal, IT, and business owners to ensure privacy and security compliance.

Duties and Responsibilities:

  • Lead the implementation and management of the Privacy Compliance Program utilizing privacy and data governance best practices and tools.
  • Participate in implementing the data discovery and classification of sensitive data across the company's data stores.
  • Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) of third parties and as required by the company's data governance program.
  • Participate in managing IT risk register by coordinating mitigation and exceptions for all identified privacy, security, and compliance risks.
  • Participate in creating and reviewing security policies, standards, and responsibility models to ensure security practices and responsibilities are clearly outlined for the organization.
  • Support facilitation of PCI-DSS, SOX, and other internal or external audits and assessments.
  • Implement processes and controls to ensure that GDPR & CCPA requirements are met.
  • Monitor changes in national and international privacy and security laws to determine the impact on NMG systems and processes.
  • Endorse and support a compliance culture whereby employees are encouraged to seek clarifications and support for the company's compliance initiatives.


  • Bachelor's degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s).
  • 5+ years of experience in the areas of Information Technology or Information Security.
  • Security and Compliance certifications such as CISSP, CIPP/US, CISA, CISM, CGEIT, or CRISC. Candidates with CISSP and CIPP/US will be preferred.

Technical Knowledge:
  • The candidates MUST possess a solid working knowledge of:
    • Data privacy laws (GDPR & CCPA) and best practices.
    • Data discovery, classification, cataloging, and protection methodologies and tools such as OneTrust.
    • Control frameworks and control objectives (e.g., NIST Privacy Framework, NIST CSF, NIST RMF, PCI-DSS, SOX, COSO, COBIT, and ISO 27001).
    • Operating systems, databases, and middleware components.
    • Conducting compliance and risk assessments.
    • Management of IT and security projects.

  • The candidates MUST possess familiarity and basic working knowledge of:
    • Broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption and key management, logging and monitoring and application security.
    • IT asset management utilizing ServiceNow (or other) Configuration Management Databases (CMDB) and network asset discovery tools.
    • Cloud-based environments and technologies with associated auditing methodologies.
    • Microsoft Office tools (Word, Excel, and PowerPoint).

Work Environment Characteristics:
  • Self-motivated and results-oriented, including the ability to prioritize conflicting demands.
  • Exceptional organizational skills to balance work and lead projects.
  • Strong verbal and written skills.
  • Candidate must be outgoing and service-oriented.
  • Candidate must be able to build consensus, collaborate, and build strong relationships with various internal and external stakeholders (business, development, security, etc.).
  • Ability to adapt and apply information to new scenarios and technologies.
