POSITION SCOPE & KEY RESPONSIBILITIES
The first mission of the IT compliance analyst will be to lead and ensure the implementation of
Edenred governance risk compliance (GRC) tool – a SaaS base solution. This mission will consist of
but not be limited to:
- migrating the existing IT compliance processes, controls and framework (mostly based on
- Excel) to the GRC tool
- improving IT compliance process leveraging on new capabilities provided by the tool
- support the deployment of the tool in Edenred BU’s (in cooperation with local CISO)
The activities of the IT compliance analyst will not be limited to the implementation of the tool and
she/he will be involved in other project/activities of the Global IT compliance & security team. As
part of the IT compliance your activities will include:
- To produce policies, procedure and controls to support compliance and ease audits
- To collect and maintain audit proofs and IT security documentation for services provided
- by iTEC (Edenred Global IT department) to ease global or local audits or compliance
- To map regulations and certifications requirements with Group's internal policies
- To map and maintain all regulations and certifications across the Group (GDPR, LGPD, PCIDSS, DSP2, HIPAA, ISO27001, etc.)
- Conduct periodic assessment of IT security compliance level
- Produce periodic KPI and reports
As part of Global IT compliance & security team and depending on your background, you will
also be part of some of the many other topics addressed by the team.
Through this position you will have to work with both business and IT teams in many different BU
across the world. It will give you the opportunity to acquire a good understanding of all Edenred’s
activities and how they are evolving, giving you many levers to continuity your career within
Edenred.
REQUIRED SKILLS & PROFILE
Experience: 3+ year of experience in one or all of the following: IT Internal Audit, IT Risk & Compliance
or IT Security.
Knowledge and Skills
MUST
- Experience creating, implementing, maintaining and monitoring security policies,
- standards, procedures, programs, plans and processes.
- Familiarity with regulatory requirements related to information security and privacy (e.g.
- Data privacy regulation such as GDPR, DSP2, etc.).
- English (Current team split between Paris and Bucharest - all meetings and deliverables
- must be in English)
- Ability to discuss with non-IT profiles (HR, legal, Business operation, sales, etc.)
- Pragmatism
- Ability to see the big picture
- Rigor
- Solution oriented
NICE to have:
- Experience implementing GRC tool and/or IT security compliance framework and
- controls
- Certification in information security (or related) such as CISM, CISA, CISSP
- Well versed in the information security issues affecting financial service organizations
- Spanish, French or Portuguese
VIBE WITH US
Joining us means:
Taking part in an ambitious corporate project
Becoming part of a team that embraced the digitalization challenge and enjoys this
transformation every day
Living our values every day: passions for customers, respect, imagination, simplicity,
entrepreneurial spirit.
Because:
You will greatly contribute to build the project that will improve the customers’ experience
on an international level
You will get exposure to various global cultures and teams
You will be working with the newest technologies to build a new platform from scratch
We offer you a very pleasant working environment, in the heart of Bucharest
We also have for you: meal tickets, holiday vouchers, health subscription, flexible hours, work
from home, flexible benefits system, on-the-job training & e-learning platforms.
And we do not stop here!