Class Code: AF20
General Nature of Work

Performs professional work examining, evaluating, and/or monitoring conformity with laws, regulations, privacy or other business standards. Participates in licensure and permit compliance activities.

Guidelines for Class Use/Distinguishing Characteristics

This class is intended for journey-level professional compliance activities in a state agency. Some positions in this class may supervise administrative compliance related activities.

Examples of Work

Contributes to the implementation of compliance programs and associated policies, standards, procedures and controls within the organization. Works with others to define and incorporate controls into the organization’s processes, initiatives and development of information systems. Identifies information assets and classifies them based on their level of sensitivity, value and criticality to the organization in line with the data classification schema. Works with others to provide mitigation for compliance risks. Investigates complaints and adopts the appropriate steps to respond to and address the complaints. Reports violations of compliance or regulatory standards to duly authorized enforcement agencies as appropriate or required. Works with managers to identify and investigate compliance incidents that violate the organization’s compliance programs. Supports management in their role as a liaison for any complaints and/or investigations related to compliance. Supports the development of compliance training and communication programs to educate and update employees on requirements. Performs information security, privacy or other compliance audits. Works with senior auditors and management to develop the scope, objectives and auditing methodology for information security, privacy and other audits. Works with management to maintain and enhance existing information security and privacy audit programs to align with regulatory changes. Identifies control deviations within the organization’s technical infrastructure systems and key information security development initiatives. Works with auditors to document information security and privacy audit results and findings for internal review. Evaluates audit findings to confirm information security and privacy controls are implemented as designed, and that they remain operating effectively. Develops recommendations to remediate control deviations and mitigate information security and privacy risks. Performs follow-up review on audit procedure issues noted in past audits to confirm they are not repeated in future audits. Keeps informed regarding pending legal, regulatory or industry changes, trends, and best practices and assesses the potential impact of these changes on organizational processes. Consults legal staff as necessary to address difficult legal compliance issues.

Knowledge, Skills and Abilities

Knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls. Ability to understand information privacy laws, policies, procedures and technology. Ability to communicate effectively with others orally and in writing. Knowledge of relevant laws and regulations. Ability to establish and maintain interpersonal relationships. Ability to use relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards. Ability to analyze data and information in making decisions and solving problems.

Minimum Requirements

A bachelor’s degree and relevant experience

Fed Category: E2
Band: 07
Salary:
Minimum: $56,210.00
Midpoint: $80,105.00
Maximum: $104,000.00