Compliance Analyst

Krakow, Poland

AML RightSource

Our full suite of services & technology ensures you get the solution that optimizes the financial crime compliance process & meets business objectives.

Job Description:

The Compliance Analyst will be responsible for administering Third-Party Risk Management aspects of the AMLRS Information Security, Risk and Governance, Policy and Procedure framework.

The Compliance Analyst will be responsible for helping identify and lead initiatives to ensure that the compliance activities throughout the organization are effective and in compliance with our SOC2 controls.

The Compliance Analyst will participate in meetings as well as document risk and control activities, including capturing artifacts, producing reports and metrics, and generating recommendations to reduce risk.

Primary Responsibilities

  • Administer the global GRC Third-Party/vendor review program, which includes risk rating new vendors, approving level 1 vendors, collaborating with the Sr. Analyst on level 2 vendors, and performing annual reviews of existing material and high-risk vendors.

  • Assist with performing analysis of software licensing to ensure compliance with IP rights, working with Security and IT to remediate violations or bring into compliance.

  • Assist in analysis of user access rights to ensure compliance with ISO27001 and other industry standards of Least Privilege

  • Create monthly reporting on the status and effectiveness of IT and Information Security metrics

  • Perform GDPR/Data Privacy risk assessments and coordinate monitoring with other compliance and control functions; results are shared with Leadership on the quarterly steering call as well as with line of business leadership.

  • Partner with Information Technology and Information Security to remediate identified gaps

  • Assist in assessing key controls covered in the SOC2 and ISO27001 audits periodically throughout the year

  • Provide guidance to executives, staff, and employees on third party compliance policies, procedures, and requirements

  • Participate in a multifaceted educational awareness and training program that focuses on the elements of the compliance program, policies, and procedures

  • Assist with the execution of compliance related activities such as our Business Continuity/Disaster Recovery exercises, risk matrix reviews, incident response tabletops, etc.

  • Assist Sales in responding to Client Due Diligence requests

  • Organize and maintain centralized repositories for relevant Third-Party Risk and metrics documents

  • Assist in the assessment of technology-related compliance issues across the organization, including information security, identity management, user access, and data integrity.

  • Ensure compliance with information security and privacy policies, procedures and workflows that refer to privacy or security breach incidents

  • Participate in developing and reviewing company policies

Required Qualifications

  • Bachelor’s degree

  • KYC knowledge or experience

  • Reporting or data analysis experience

  • Problem solving skills

  • Technical Acumen; Aptitude in learning cloud security tools

  • Attention to detail

  • 2 years+ of related work experience

Preferred Qualifications

  • Three or more years of related work experience

  • Working Knowledge of a GRC Framework

  • Working Knowledge of ISO27001

  • Have specific knowledge of key law, regulations, guidance, and industry-standard practices such as: GLBA, GDPR/CCPA

AML RightSource is committed to fostering a diverse work environment and is proud to be an equal opportunity employer. We provide equal employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.  

All information concerning breaches of law during the recruitment process should be reported to pl.whistleblowing@amlrightsource.com. Upon request, you will be provided with the Internal procedure for reporting and following up on breaches of law, adopted by the Company based on the Whistleblower Protection Act.

Tags: Audits CCPA Cloud Compliance GDPR GLBA Governance Incident response ISO 27001 Monitoring Privacy Risk assessment Risk management SOC 2

Region: Europe
Country: Poland
