Audit and Compliance Specialist - Information Security and Regulatory Compliance

Join the Team: Audit and Compliance Specialist - Information Security and Regulatory Compliance Are you a detail-oriented and highly skilled professional with a passion for ensuring compliance with regulatory frameworks? Do you have a strong background in audit preparation, internal audits, and third-party risk management? Look no further! ATPCO, the foundation of flight shopping, is seeking an experienced Audit and Compliance Specialist to join our team. As a key member of our compliance team, you will play a critical role in ensuring ongoing compliance with various regulatory frameworks, including PCI-DSS, ISO 27001, and ISO 27701 standards, General Data Protection Regulation (GDPR), Data Privacy Framework (DPF), and other legal and regulatory requirements. About ATPCO ATPCO is the leading provider of pricing and retailing data, tools, and services to the airline industry. With over 55 years of experience, we have established ourselves as the foundation of flight shopping, working with 500+ airlines, global distribution systems, sales channels, and technology companies. Our solutions work seamlessly across existing, new, and evolving technologies and methods, from shopping to settlement. At ATPCO, we pride ourselves on our collaborative and dynamic work environment, promoting a culture of compliance and ethical behavior within the organization. Job Summary As an Audit and Compliance Specialist, you will be responsible for ensuring ongoing compliance with various regulatory frameworks, conducting internal audits, and supporting third-party risk management activities. You will work closely with auditors, collaborate with various teams to remediate audit findings, and develop and implement corrective action plans to address any identified gaps. If you have a strong analytical mindset, excellent communication skills, and a passion for compliance, we encourage you to apply for this exciting opportunity. Key Responsibilities Ensuring Ongoing Compliance: Continuously monitor and stay updated with changes in PCI-DSS, ISO 27001, and ISO 27701 standards. Ensure all policies, procedures, and practices comply with regulatory and organizational requirements. Conduct regular internal audits and risk assessments to identify areas of non-compliance. Develop and implement corrective action plans to address any identified gaps. Audit Preparation: Maintain comprehensive and accurate documentation of all compliance-related activities, policies, and procedures. Ensure all records are readily available for audit purposes. Coordinate with various departments to gather necessary documentation and evidence for audits. Conduct pre-audit reviews to ensure readiness and compliance. Audit Support: Serve as the primary point of contact for external auditors. Facilitate communication between auditors and internal teams. Provide auditors with required documentation, explanations, and evidence. Address any questions or concerns raised by auditors promptly and accurately. Review audit findings and collaborate with relevant teams to develop and implement remediation plans. Track and document the progress of remediation efforts resulting from audit findings to ensure timely resolution. Identify opportunities for process improvements to enhance compliance and reduce the risk of future findings. Implement best practices and lessons learned from previous audits. Third-Party Risk Management and ATPCO Security Assessments: Conduct risk assessments and due diligence on third-party vendors to ensure they meet ATPCO's security and compliance standards. Maintain a database of third-party risk assessments and ensure regular updates and reviews. Collaborate with the procurement and legal teams to ensure that all third-party contracts include necessary compliance and security requirements. Monitor third-party compliance with agreed-upon security and compliance standards. Facilitate RFP processes and address customer security self-assessment questionnaires regarding ATPCO's information security controls. Document and report on third-party incidents and their impact on ATPCO's compliance posture. Training and Awareness: Develop and deliver training programs to ensure staff are aware of compliance requirements and best practices. Promote a culture of compliance within the organization through ongoing awareness training campaigns. Qualifications Education: Bachelor's degree in Information Security, Compliance, or a related field. Certifications: Professional certifications such as CISA, CISM, CISSP, or equivalent are highly desirable. Experience: Proven experience in audit preparation, conducting internal audits, working with external auditors, and third-party risk management. Knowledge: Extensive knowledge of PCI-DSS, ISO 27001, and ISO 27701 standards, General Data Protection Regulation (GDPR), Data Privacy Framework (DPF), and other legal and regulatory requirements. Skills: Strong analytical, problem-solving, and communication skills. Ability to work collaboratively with cross-functional teams. Detail-oriented with a high level of integrity and accountability. What We Offer Competitive Salary: A salary range of USD $119,000 to $125,000, depending on experience. Benefits Package: A comprehensive benefits package, including opportunities for professional growth and development. Collaborative Work Environment: A dynamic and collaborative work environment that promotes a culture of compliance and ethical behavior. Training and Development: Ongoing training and awareness programs to ensure staff are aware of compliance requirements and best practices. How to Apply If you are a motivated and detail-oriented professional with a passion for compliance, we encourage you to apply for this exciting opportunity. Please submit your application, including your resume and cover letter, to [insert contact information]. We look forward to hearing from you! Don't hesitate to apply! We value a great attitude and a willingness to learn above all. Submit your application today! Apply for this job