Cybersecurity Compliance Analyst II - Cybersecurity Assessments & Technical Lead (Plano, Texas, In-Office)
About Upbound
Upbound Group, Inc. (effective February 27, 2023: NASDAQ: UPBD) is an omni-channel platform company committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving needs and aspirations of consumers. The Company’s customer-facing operating units include industry-leading brands such as Rent-A-Center and Acima that facilitate consumer transactions across a wide range of store-based and digital retail channels, including over 2,400 company branded retail units across the United States, Mexico and Puerto Rico.
Upbound Group, Inc. is headquartered in Plano, Texas. Acima is headquartered in Draper, Utah.
JOB RESPONSIBILITIES:
The Cybersecurity Compliance Analyst-Assessments & Technical Lead role will manage relationships with our Assessors and internal stakeholders. Assessment management includes collecting documentation and technical information from stakeholders, acting as the intermediary for data exchange, scheduling interviews with assessors and stakeholders, maintaining auditor portal access, tracking assessor requests and keeping stakeholders informed of their remediation requirements. As the Assessment Technical lead, you will use your technical knowledge to ensure assessments are conducted correctly. You will work with our internal teams to understand their technologies and how they are secured. You will act as an interpreter for less technical assessors and our technologists, who might be unfamiliar with how an assessment is conducted. In addition, you will be responsible for maintaining the tools we utilize within GRC for project management, data storage, and Risk Management. The individual who fills this role will be a valued member of the Upbound Group, Governance, Risk, and Compliance team (GRC) and will work directly with technologists and leadership for all Upbound brands.
In addition, this role will ensure the completeness and accuracy of quarterly processes required to maintain PCI and SOX controls, as defined by the Sr. Director of Cybersecurity, GRC. This GRC team member will work closely with auditors and control owners to maintain audit readiness and to provide support during SOX and PCI audits. This includes coordinating compliance activities with control owners, collecting audit evidence, tracking compliance KPIs, and some project management when compliance remediation is required.
JOB REQUIREMENTS:
- Responsible for maintaining effective Cybersecurity Compliance at Acima, a subsidiary of Upbound Group
- Ability to translate Enterprise level policies and apply them at the technology and process level
- Drive security best practices and ensure both regulatory and compliance requirements are met (PCI, SOX, privacy)
- Ensure successful completion of PCI, SOX quarterly controls.
- Assist the Cybersecurity department by acting as a go-between for 3rd party auditors
- Collecting audit evidence for internal or external auditors
- Manage schedules, scope, collect evidence and provide remediation and audit closure
- Track compliance metrics and generate quarterly reporting
- Identifies problems and presents findings in a professional manner. Recommends mitigations either via new technology, alternative compensating controls, enhanced processes or policy modifications to improve overall security posture.
- Performs ongoing assessments to drive finding remediation.
- Identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
- Provides visibility into current compliance status through timely tracking, trending, and escalation of issues.
- Understands the design and effectiveness of IT controls.
- Establishes and meets deadlines to ensure adherence to rules and regulations.
- Manages and communicates key compliance milestones for critical systems and complex processes.
- Works effectively as a member of the GRC Team
- General understanding of business processes and how to apply regulatory compliance requirements
- Strong communication skills with proven ability to drive solutions across all organizations
- Certified Information Systems Auditor (CISA) preferred
- Certified in Risk and Information Systems Control (CRISC) preferred
- 5+ years of experience with any compliance framework such as ISO, SOX, SOC, PCI, etc.
- 5+ years of relevant experience in audit, compliance programs or as a technologist
- 2+ years maintaining or monitoring cybersecurity controls
Benefits/Compensation
- DTO (discretionary time off)
- Medical insurance with Blue Cross Blue Shield
- Health Savings Account (HSA) with company contribution
- Dental insurance (Cigna) and Vision insurance (United Healthcare)
- Paid holidays
- 401K match, 6%/3%
- College tuition reimbursement program (STEAM: Science, Technology, Engineering, Accounting, and Math)