For our ADA-friendly site, please click here

SOX Compliance Analyst

Information Technology

Neiman Marcus Group (NMG) is looking for a dynamic, motivated, creative, self-starter with excellent interpersonal skills to be part of the Neiman Marcus risk and compliance team. The SOX Compliance Analyst will be responsible for ensuring compliance with regulatory and industry mandates such as SOX, PCI-DSS, GDPR,and CCPA as they pertain to the information technology components of the company. The role will include performing day to day aspects including scoping, identifying critical controls, implementing controls, conducting the periodic review exercises, documenting the artifacts and the evidence, and partnering with auditors and IT and business owners to complete the assessments.      


Key Performance Elements:


·        Lead and facilitate compliance with the SOX and PCI-DSS 

·        Ensure that all SOX and PCI-DSS controls are implemented, documented, and monitored through the course of the year 

·        Establish processes to support the controls and ensure that control self-assessments are conducted promptly with required completeness and accuracy 

·        Support the Risk & Compliance team to implement processes and controls to ensure the company's compliance with other regulatory and industry mandates such as GDPR and CCPA 

·        Participate in identifying and validating critical controls to address IT and business risks and work with various teams to address identified deficiencies 

·        Participate in audits of third parties such as vendors, services providers, consulting organizations, etc. 

·        Support third-party audits of NMG's IT or information security programs 

·        Facilitate assessment and audits by internal and external auditors and assessors 

·        Ensure that appropriate documentation in the form of policies, standards, and procedures is created and managed to support the various security, compliance, and audit requirements 

·        Provide guidance and support to IT and business to ensure continued compliance with the various mandates 

·        Endorse and support a compliance culture whereby employees are encouraged to seek clarifications and support for the company's compliance initiatives





·        Interact daily with the Neiman Marcus Information Technology teams, the Managed Infrastructure Services provider (onshore and offshore), the IT Vendor Management Organization, IT Project Management Office, and various contracted IT resources. Meet frequently with various business units to assess and evaluate information security and compliance services.  

·        Must be able to build relationships with technology and business teams across the company. An outgoing personality is a MUST for this position.    



·        Interact routinely with assessors, auditors, service providers, consultants/advisors, law enforcement agencies, and professional organizations. 



Minimum Entry Education and Experience:

·        Bachelor's or Master's degree in a computer or information management field 

·        Cybersecurity certifications such as CISSP, CISA, CRISC, or CISM are preferred 

·        5-7 years' experience in an information security compliance, audit, or risk management role with hands-on experience in a multitude of compliance initiatives including but not limited to: 

o   PCI-DSS 

o   SOX-404 

o   COSO, CoBIT, ISO2700 

o   NIST (CSF & RMF) 

o   HIPAA 


o   SSAE-16 [SOC-1 and SOC-2] 

·        Experience with developing and implementing automation for controls and compliance is preferred 

·        Strong analytical and problem-solving skills with the ability to function as a change agent 

·        Strong skills with intermediate to advanced level expertise with Excel and PowerPoint 

·        Demonstrated experience in working in a high paced multi-tasking environment. 

·        Understanding of security metrics and creation of useful dashboards for management review and consumption 




·        Thorough knowledge of PCI related standards including PCI-DSS, PA-DSS, ASV guidelines and other support documents 

·        Experience in implementing and utilizing compliance frameworks such as COSO, COBIT, NIST, and ISO 27001, etc. 

·        Thorough understanding of SOX, GDPR, and the California Consumer Privacy Act (CCPA) 

·        Familiarity with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption, and key management, logging and monitoring and application security 

·        Familiarity with cloud-based environments and technologies with associated auditing methodologies 

·        Excellent documentation and communication skills 




Previous Job Searches

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My Submissions

Track your opportunities.

My Submissions

Similar Listings


Irving, Texas

📁 Information Technology


Irving, Texas

📁 Information Technology


Irving, Texas

📁 Information Technology

Los Angeles and San Francisco Applicants: Neiman Marcus will consider for employment qualified applicants with criminal history as required by applicable law.
If you have a disability under the Americans with Disabilities Act or similar law, and you need assistance in accessing our Career Center or wish to discuss potential accommodations related to applying for employment at our Company, please contact
To listen to an audio clip of this information, click HERE.