CYBERSECURITY COMPLIANCE ANALYST

(Draper-Hybrid)

COMPANY BACKGROUND/CULTURE

Upbound Group (NASDAQ: UPBD) is an omni-channel platform company committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving needs and aspirations of consumers. The Company's customer-facing operating units include industry-leading brands such as Rent-A-Center® and Acima® that facilitate consumer transactions across a wide range of store-based and digital retail channels, including over 2,400 company branded retail units across the United States, Mexico, and Puerto Rico. Upbound Group, Inc. is headquartered in Plano, Texas.

JOB RESPONSIBILITIES

The Cybersecurity Compliance Analyst role will be the local compliance resource for a wholly owned Subsidiary of Upbound Group (Acima). The individual who fills this position will be a member of the Upbound Group Governance, Risk, and Compliance (GRC) team and will be responsible for working directly with technologists and leadership at Acima to bolster and implement cybersecurity and compliance controls. In addition, this role will ensure the completeness and accuracy of quarterly processes required to maintain PCI and SOX controls, as defined by the Sr. Director of Cybersecurity – GRC.  This GRC team member will work closely with auditors and control owners to maintain audit readiness and to provide support during SOX and PCI audits. This includes coordinating compliance activities with control owners, collecting audit evidence, tracking compliance KPIs, and some project management when compliance remediation is required.

JOB REQUIREMENTS

• Responsible for maintaining effective Cybersecurity Compliance at Upbound Group’s subsidiary Acima
• Ability to translate Enterprise-level polices and apply them at the technology and process level
• Drive security best practices and ensure both regulatory and compliance requirements are met (PCI, SOX, privacy)
• Ensure successful completion of PCI, SOX quarterly controls.
• Assist the Cybersecurity department by facilitating acting as a go-between for auditors
• Collecting audit evidence for internal or external auditors
• Manage schedules, scope, evidence collection, remediation, audit closure
• Track compliance metrics and generate quarterly reporting
• Identifies problems and presents findings in a professional manner, recommend mitigations either via new technology, alternative compensating controls, enhanced processes, or policy modifications to improve overall security posture.
• Performs ongoing assessments to drive remediation.
• Identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
• Provides visibility into current compliance status through timely tracking, trending, and escalation of issues.
• Understands the design and effectiveness of IT controls.
• Establishes and meets deadlines to ensure adherence to rules and regulations.
• Manages and communicates key compliance milestones for critical systems and complex processes.
• Works effectively as a member of the GRC Team
• 5+ years of relevant experience in audit, compliance programs, or as a technologist
• 2+ years maintaining or monitoring cybersecurity controls
• General understanding of business processes and how to apply regulatory compliance requirements
• Strong communication skills with proven ability to drive solutions across all organizational levels

(NICE TO HAVES)

• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• 5+ years of experience with any compliance framework such as ISO, SOX, SOC, PCI, etc.