IT Compliance Analyst

  • Rochester, NY, USA
  • Full-time

Company Description

Monro, Inc. is one of the nation’s largest auto service companies and a major tire retailer. We own and operate more than 1,200 stores in 32 states and our stock trades on the Nasdaq (MNRO). The Monro family of brands includes some of the most recognizable names in the industry—Monro Auto Service and Tire Centers, Mr. Tire, Tire Choice, amongst many more regional chains. Our dominance is driven by teammates who strive to provide a five-star experience and deliver consistent value to our guests and shareholders. At Monro, we understand that a 5-star guest experience begins with a 5-star teammate experience. In fact, we’re currently investing more than $100 million in store improvements, new technology, and career development through our own Monro University training platform.

Destination Monro – Your Career is Here! 

Do you have what it takes to shape a better future for yourself and the automotive service industry? Our vision is to be America’s leading auto and tire centers, trusted by consumers as the best place in our neighborhoods for quality automotive maintenance and repairs. We’re looking for motivated individuals at every stage in their career who share our vision. Positions are available in our retail locations across our many brands, in field management, and in store operations at our Store Support Center in Rochester, New York. If you like helping others, as much as you like working on cars; if you enjoy being part of a team, solving problems, and building guest relationships; if you value honesty and integrity - we have a Destination for you at Monro. Contact us to learn more.  Destination Monro! – Your career is here. 

Job Description

The IT Compliance Analyst is responsible for conducting and coordinating internal and external audits, and risk and vulnerability management activities. This position is also responsible for developing, implementing, and maintaining IT compliance controls, and supports the execution of internal security compliance activities.

Essential Functions:
•    Develop and maintain IT risk assessment, including determining the objectives and scope of internal audit and compliance programs with advisement of IT security leadership
•    Assist IT with maintaining compliance with various regulatory requirements including SOX, PCI, Data Privacy/CCPA
•    Coordinate, schedule and conduct internal IT security audits and partner with internal/external auditors to identify, evaluate and mitigate vulnerabilities of processes, procedures, and operations
•    Monitor, research, analyze, and interpret federal and state regulations to determine applicability and risks to IT operations
•    Update existing information security policies, standards, guidelines and procedures based on industry best practices and regulatory requirements
•    Identify and communicate recommended/required security controls and document and monitor control implementation
•    Track all audit and compliance remediation efforts and escalate issues not properly addressed
•    Monitor and report status of security tasks and open remediation items
•    Assist in the design, development, testing, documentation and implementation of information and cybersecurity solutions, security policies, standards, guidelines and procedures to ensure ongoing maintenance of security
•    Monitor compliance of policies and standards among employees, contractors, partners and other third parties
•    Provide guidance on managing and mitigating IT security risk related to the network infrastructure
•    Assist in ensuring business units comply with information security standards and applicable regulations
•    Perform other duties as assigned


Education and Experience:
Bachelor’s degree in Information Security, Computer Science, Management Information Systems, or related field with a minimum of 3 years of experience in information security and/or related experience, or an equivalent combination of education and experience.
IT security related certification preferred (e.g., Security+, CISSP, CISA, GSEC, or similar professional certification)

Knowledge and Skills:
•    Knowledge of IT audit and compliance frameworks
•    Understanding of PCI, SOX, Data Privacy regulations, etc.
•    Familiarity with security controls relating to antivirus/antimalware, firewalls, network access control systems, or other similar products/technologies  
•    Experience and/or knowledge of SIEM systems desired 
•    Knowledge of IT and information security best practices
•    Able to handle moderate problem resolution with general supervision  
•    Experience in risk assessment, audit, and IT security assessments 
•    Experience administering information security programs including risk assessments, forensic research, gathering metrics, and reporting status 
•    Basic knowledge of information security principles including intrusion detection/prevention, vulnerability management, and change management
•    Basic knowledge of ISO/IEC 27000 series, SSAE 16/18 or SAS 70 requirements, and security practices of Intranet and Extranet
•    Must have strong interpersonal, teamwork, and self-initiative skills
•    Excellent organizational skills with the ability to manage multiple priorities and projects in a fast-paced environment to meet established deadlines
•    Strong oral and written communication skills, including technical documentation; ability to effectively communicate with technical and non-technical users

Work Environment & Physical Requirements: 
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, scanners and fax machines. Position requires prolonged periods of sitting/standing at a desk and working on a computer. 
Ability to work standard business hours with the flexibility to work evenings, weekends and holidays as needed.  
Occasional travel required.

Additional Information


  • Health Insurance  
  • Dental Insurance 
  • 401K Retirement Plan with Company Match 
  • Paid vacation 
  • Paid Holidays 
  • Career Development 
  • Employee Discounts  

Your next Destination! 

Growth Opportunity: At Monro we’re committed to helping our teammates grow their career through the combination of coursework, demonstrating leadership skills and open opportunities. You will receive on-the-job training and course curriculum in Monro University that empowers you to advance to the next level of Automotive Professional.

Monro, Inc. is an equal opportunity employer and affords equal opportunity to all applicants for all positions without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.