IT Compliance Analyst
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The Information Security Team is looking for an IT Risk and Compliance Analyst to join the IT Compliance Team. The IT Risk and Compliance Analyst will assist in supporting Morningstar's compliance-related responsibilities. This individual will help document security processes and procedures, ensure current and future compliance obligations are met, assist in identifying and following up on information security findings, gather evidence required for internal and external audits, conduct 3rd party vendor risk assessments, and respond to customer RFPs and due diligence questionnaires. This position is based in our Chicago office.
Job Responsibilities
+ Assist in supporting Morningstar's current and future compliance-related responsibilities (SOX, SOC2, PCI-DSS, SEC, etc.)
+ Monitor and enforce compliance with information security and compliance policies and standards
+ Conduct 3rd party vendor risk assessments
+ Assist with documenting and regularly reviewing security policies, processes and procedures
+ Respond to customer RFPs and due diligence questionnaires
+ Gather evidence required for internal and external audits
+ Liaise with third party audit personnel as required
Qualifications
+ A bachelor's degree and 2+ years' experience in a risk and compliance or I.T. auditor role
+ Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, etc.)
+ Familiarity with IT audits and risk assessments
+ Familiarity with security frameworks (ISO 27001, NIST, etc.) and general security concepts
+ Strong organizational skills and the ability to multitask and switch priorities on short notice
+ Strong business analysis, research and analytical skills
+ Excellent communication skills
+ Experience in reviewing SOC 2 reports
+ Availability to work outside business hours as required