About the Role:
As an IT Compliance Engineer at Zamp, you'll be at the forefront of ensuring our systems and operations comply with industry standards and regulations. In the fast-paced world of fintech, maintaining robust IT compliance is paramount to safeguarding our operations and maintaining trust with our customers.
Key Responsibilities:
- Access Control Management: Oversee and implement access control measures across all IT systems and platforms, ensuring only authorized personnel have appropriate access privileges
- Network Controls: Design, implement, and maintain network controls to safeguard against unauthorized access, data breaches, and cyber threats
- Regulatory Compliance: Stay abreast of relevant regulatory requirements in the fintech industry and ensure our IT infrastructure and operations align with these standards
- Policy Development: Develop and update IT compliance policies, procedures, and guidelines to ensure they reflect current regulatory requirements and industry best practices
- Risk Assessment: Conduct regular risk assessments of IT systems and processes to identify vulnerabilities and areas for improvement, and develop strategies to mitigate risks
- Audit Support: Collaborate with internal and external auditors to facilitate IT compliance audits, providing necessary documentation, evidence, and support
- Incident Response: Assist in developing and implementing incident response plans to address and mitigate any IT compliance breaches or security incidents
- Training and Awareness: Provide training and awareness programs to educate employees on IT compliance requirements, policies, and procedures
Qualifications & Skill Set Required:
- Bachelor's degree in Computer Science, Information Technology, or a related field
- 3-4 years of experience in IT compliance, preferably in the fintech or financial services industry
- Strong understanding of access control principles and practices, including role-based access control (RBAC) and least privilege access
- Proficiency in designing and implementing network controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption technologies
- Thorough knowledge of relevant regulatory frameworks, such as GDPR, PCI DSS, and SOC 2, and experience implementing compliance requirements
- Excellent analytical and problem-solving skills, with the ability to assess risks and develop effective mitigation strategies
- Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate complex technical concepts to non-technical stakeholders
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are a plus
