Daxko powers health & wellness throughout the world. Every day our team members focus their passion and expertise in helping health & wellness facilities operate efficiently and engage their members.
Whether a neighborhood yoga studio, a national franchise with locations in every city, a YMCA or JCC--and every type of organization in between--we build solutions that make every aspect of running and being a member of a health and wellness organization easier and delightful.
Job Description
The Compliance Specialist is responsible for working with internal teams to obtain an in-depth understanding of IT requirements in order to translate them into policies, procedures, standards and work instructions. In this vital position, you will assist in ensuring company compliance for various applications, produce high-quality documentation that meets compliance regulations, risk and security standards, and provide technical and editorial document review and expert opinion on compliance and cyber/infrastructure security documents.
Write and/or edit technical documents, including policies, procedures and work instructions. Develop outlines and drafts for review and approval by technical engineers, developers and compliance management ensuring that final documents meet applicable technical industry and compliance standards.
Translate IT application/technical process information into user-friendly content.
Provide expertise in the creation, implementation and maintenance of appropriate policies and procedures to be compliant with applicable technology, regulatory and compliance requirements including PCI-DSS, PA-DSS, SSAE 18 (SOC 1 Type II), SOC 2, GDPR and HIPAA.
Understand IT compliance control gaps and oversee the documentation of the entire IT compliance control portfolio.
Assist in the policy lifecycle by monitoring changes to the standards and regulatory landscape as it pertains to the organization.
Consult relevant regulatory and information sources, resources and technical documents to obtain background information, and verify that pertinent guidelines and regulations governing technical documentation deliverables are applied.
Manage the tracking, monitoring and document control of technical documents.
Provide risk analysis and work to ensure proper results are documented as necessary.
Assist in compliance audits working with qualified security assessors, developers and system engineers.
Make recommendations to management at all levels to ensure that appropriate levels of compliance are maintained.
Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
Continuously promote security awareness and look for ways to block security threats when identified.
Must have excellent technical writing skills.
Must have excellent organizational skills, specifically ensuring consistency in documentation.
Ability to understand and interpret laws and regulatory requirements related to information protection to develop and implement appropriate processes keeping the Company in compliance.
Ability to analyze risks and recommend appropriate controls to reduce or mitigate the risks.
Knowledge of published security standards (NIST, TSA, CIS, COBIT, HIPAA, PCI, ISO, California Consumer Privacy Act)
Experience delivering documentation to both technical and non-technical audiences.
Demonstrated understanding of data processing, hardware platforms, operating systems, databases and enterprise software applications.
Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors and customers.
Must be able to effectively communicate with varied company stakeholders utilizing excellent verbal and written communication skills.
Strong analytical and creative problem-solving skills.
Proven ability to effectively manage competing priorities while meeting deadlines, including compliance requirements where non-compliance carries violations.
Required Education and Experience:
Bachelor’s degree in Technical Writing, English, Computer Science or Business Administration or equivalent combination of education and experience.
Three (3) or more years of experience in the compliance governance, risk or cyber security field.
Three (3+) years of experience in IT technical support, system administration, computer systems or network maintenance is required.
Two (2) or more years of experience with the development and/or updating of cyber security compliance related policies, processes, or standards.
Experience with principles and technology, including access/control, authorization, identification and authentication, public key infrastructure, network, and cloud security architecture.
Experience organizing workgroups for cross-functional projects required.
Experience in planning, organizing, and developing information technology policies, procedures, and practices.
Experience with using Atlassian Confluence and JIRA
Preferred Education and Experience:
Bachelor’s degree in Technical Writing, English, Computer Science or Business Administration
Five (5+) years of relevant experience
Security and compliance certifications
Project management experience
Daxko is dedicated to pursuing and hiring a diverse workforce. We are committed to diversity in the broadest sense, including thought and perspective, age, ability, nationality, ethnicity, orientation, and gender. The skills, perspectives, ideas, and experiences of all of our team members contribute to the vitality and success of our purpose and values.
We truly care for our team members, and this is reflected through our offices, benefits, and great perks. Some of our favorites include:
- Flexible paid time off
- Affordable health, dental, and vision insurance options
- Monthly fitness reimbursement
- 401(k) plan with matching
- New-Parent Paid Leave
- 1-month paid sabbatical every 5 years
- Casual work environments
All your information will be kept confidential according to EEO guidelines.