Rent-A-Center
Cybersecurity Compliance Analyst II - Cybersecurity Assessments & Technical Lead
Rent-A-Center, Plano, Texas, us, 75086
Cybersecurity Compliance Analyst II
-
Cybersecurity Assessments & Technical Lead
(Plano Texas In-Office)
About Upbound
Upbound Group, Inc. (effective February 27, 2023: NASDAQ: UPBD) is an omni-channel platform company committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving needs and aspirations of consumers. The Company's customer-facing operating units include industry-leading brands such as
Rent-A-Center
and
Acima
that facilitate consumer transactions across a wide range of store-based and digital retail channels, including over 2,400 company branded retail units across the United States, Mexico and Puerto Rico.
Upbound Group, Inc . is headquartered in Plano, Texas . Acima
is headquartered in Draper Utah
JOB RESPONSIBILITIES:The Cybersecurity Compliance Analyst-Assessments & Technical Lead role will manage relationships with our Assessors and internal stakeholders. Assessment management includes collecting documentation and technical information from stakeholders, acting as the intermediary for data exchange, scheduling interviews with assessors and stakeholders, maintaining auditor portal access, tracking assessor requests and keeping stakeholders informed of their remediation requirements. As the Assessment Technical lead, you will use your technical knowledge to ensure assessments are conducted correctly. You will work with our internal teams to understand their technologies and how they are secured. You will act as an interpreter for less technical assessors and our technologists, who might be unfamiliar with how an assessment is conducted. In addition, you will be responsible for maintaining the tools we utilize within GRC for project management, data storage, and Risk Management. The individual who fills this role will be a valued member of the Upbound Group, Governance, Risk, and Compliance team (GRC) and will work directly with technologists and leadership for all Upbound brands.In addition, this role will ensure the completeness and accuracy of quarterly processes required to maintain PCI and SOX controls, as defined by the Sr. Director of Cybersecurity, GRC. This GRC team member will work closely with auditors and control owners to maintain audit readiness and to provide support during SOX and PCI audits. This includes coordinating compliance activities with control owners, collecting audit evidence, tracking compliance KPIs, and some project management when compliance remediation is required.
JOB REQUIREMENTS:Responsible for maintaining effective Cybersecurity Compliance at Acima, a subsidiary of Upbound GroupAbility to translate Enterprise level policies and apply them at the technology and process levelDrive security best practices and ensure both regulatory and compliance requirements are met (PCI, SOX, privacy)Ensure successful completion of PCI, SOX quarterly controls.Assist the Cybersecurity department by acting as a go-between for 3rd party auditorsCollecting audit evidence for internal or external auditorsManage schedules, scope, collect evidence and provide remediation and audit closureTrack compliance metrics and generate quarterly reportingIdentifies problems and presents findings in a professional manner. Recommends mitigations either via new technology, alternative compensating controls, enhanced processes or policy modifications to improve overall security posture.Performs ongoing assessments to drive finding remediation.Identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.Provides visibility into current compliance status through timely tracking, trending, and escalation of issues.Understands the design and effectiveness of IT controls.Establishes and meets deadlines to ensure adherence to rules and regulations.Manages and communicates key compliance milestones for critical systems and complex processes.Works effectively as a member of the GRC TeamGeneral understanding of business processes and how to apply regulatory compliance requirementsStrong communication skills with proven ability to drive solutions across all organizationsCertified Information Systems Auditor (CISA) preferredCertified in Risk and Information Systems Control (CRISC) Preferred5+ years of experience with any compliance framework such as ISO, SOX, SOC, PCI, etc.5+ years of relevant experience in audit, compliance programs or as a technologist2+ years maintaining or monitoring cybersecurity controlsBENEFITS/COMPENSATION
DTO (discretionary time off)Medical insurance with Blue Cross Blue ShieldHealth Savings Account (HSA) with company contributionDental insurance (Cigna) and Vision insurance (United Healthcare)Paid holidays401K match, 6%/3%College tuition reimbursement program (STEAM (Science, Technology, Engineering, Accounting, and Math)
-
Cybersecurity Assessments & Technical Lead
(Plano Texas In-Office)
About Upbound
Upbound Group, Inc. (effective February 27, 2023: NASDAQ: UPBD) is an omni-channel platform company committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving needs and aspirations of consumers. The Company's customer-facing operating units include industry-leading brands such as
Rent-A-Center
and
Acima
that facilitate consumer transactions across a wide range of store-based and digital retail channels, including over 2,400 company branded retail units across the United States, Mexico and Puerto Rico.
Upbound Group, Inc . is headquartered in Plano, Texas . Acima
is headquartered in Draper Utah
JOB RESPONSIBILITIES:The Cybersecurity Compliance Analyst-Assessments & Technical Lead role will manage relationships with our Assessors and internal stakeholders. Assessment management includes collecting documentation and technical information from stakeholders, acting as the intermediary for data exchange, scheduling interviews with assessors and stakeholders, maintaining auditor portal access, tracking assessor requests and keeping stakeholders informed of their remediation requirements. As the Assessment Technical lead, you will use your technical knowledge to ensure assessments are conducted correctly. You will work with our internal teams to understand their technologies and how they are secured. You will act as an interpreter for less technical assessors and our technologists, who might be unfamiliar with how an assessment is conducted. In addition, you will be responsible for maintaining the tools we utilize within GRC for project management, data storage, and Risk Management. The individual who fills this role will be a valued member of the Upbound Group, Governance, Risk, and Compliance team (GRC) and will work directly with technologists and leadership for all Upbound brands.In addition, this role will ensure the completeness and accuracy of quarterly processes required to maintain PCI and SOX controls, as defined by the Sr. Director of Cybersecurity, GRC. This GRC team member will work closely with auditors and control owners to maintain audit readiness and to provide support during SOX and PCI audits. This includes coordinating compliance activities with control owners, collecting audit evidence, tracking compliance KPIs, and some project management when compliance remediation is required.
JOB REQUIREMENTS:Responsible for maintaining effective Cybersecurity Compliance at Acima, a subsidiary of Upbound GroupAbility to translate Enterprise level policies and apply them at the technology and process levelDrive security best practices and ensure both regulatory and compliance requirements are met (PCI, SOX, privacy)Ensure successful completion of PCI, SOX quarterly controls.Assist the Cybersecurity department by acting as a go-between for 3rd party auditorsCollecting audit evidence for internal or external auditorsManage schedules, scope, collect evidence and provide remediation and audit closureTrack compliance metrics and generate quarterly reportingIdentifies problems and presents findings in a professional manner. Recommends mitigations either via new technology, alternative compensating controls, enhanced processes or policy modifications to improve overall security posture.Performs ongoing assessments to drive finding remediation.Identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.Provides visibility into current compliance status through timely tracking, trending, and escalation of issues.Understands the design and effectiveness of IT controls.Establishes and meets deadlines to ensure adherence to rules and regulations.Manages and communicates key compliance milestones for critical systems and complex processes.Works effectively as a member of the GRC TeamGeneral understanding of business processes and how to apply regulatory compliance requirementsStrong communication skills with proven ability to drive solutions across all organizationsCertified Information Systems Auditor (CISA) preferredCertified in Risk and Information Systems Control (CRISC) Preferred5+ years of experience with any compliance framework such as ISO, SOX, SOC, PCI, etc.5+ years of relevant experience in audit, compliance programs or as a technologist2+ years maintaining or monitoring cybersecurity controlsBENEFITS/COMPENSATION
DTO (discretionary time off)Medical insurance with Blue Cross Blue ShieldHealth Savings Account (HSA) with company contributionDental insurance (Cigna) and Vision insurance (United Healthcare)Paid holidays401K match, 6%/3%College tuition reimbursement program (STEAM (Science, Technology, Engineering, Accounting, and Math)