SOX Compliance Analyst

📁
Information Technology
💼
Corporate
COMPANY OVERVIEW
For over a century, Neiman Marcus Group has served the unique needs of our discerning customers by staying true to the principles of our founders: to be the premier omni-channel retailer of luxury and fashion merchandise dedicated to providing superior service and a distinctive shopping experience in our stores and on our websites. Neiman Marcus Group is comprised of the Specialty Retail Stores division, which includes Neiman Marcus and Bergdorf Goodman, and our international brand, mytheresa.com. Our portfolio of brands offers the finest luxury and fashion apparel, accessories, jewelry, beauty, and home décor. The Company operates more than 40 Neiman Marcus full-line stores in the most affluent markets across the United States, including U.S. gateway cities that draw an international clientele. In addition, we operate 2 Bergdorf Goodman stores in landmark locations on Fifth Avenue in New York City. We also operate more than 40 Last Call by Neiman Marcus off-price stores that cater to a value-oriented yet fashion-minded customer. Our upscale eCommerce and direct-to-consumer division includes NeimanMarcus.com, BergdorfGoodman.com, Horchow.com, LastCall.com, and CUSP.com. Every day each of our 15,000 NMG associates works towards the goal of enabling our customer to shop any of our brands "anytime, anywhere, and on any device." Whether the merchandise we sell, the customer service we offer, or our investments in technology, everything we do is to enhance the customer experience across all channels and brands.
 
DESCRIPTION

Neiman Marcus Group (NMG) is looking for a dynamic, motivated, creative self-starter with excellent interpersonal skills to be part of the Neiman Marcus risk and compliance team.

    

The Senior IT Compliance Analyst will be responsible for ensuring compliance with Sarbanes-Oxley (SOX) Act controls as they pertain to the information technology components of the company. The role covers the day-to-day work of scoping, identifying key controls, implementing controls, conducting the quarterly and annual review exercises, documenting the artifacts and evidence, and partnering with auditors and with IT and business owners to complete the assessments.

 

DUTIES AND RESPONSIBILITIES

  • Lead and facilitate compliance with the SOX Act
  • Ensure that all IT General Controls (ITGC) are implemented, documented, and monitored through the course of the year
  • Establish processes to support the controls and ensure that control self-assessments are conducted in a timely manner ensuring completeness and accuracy
  • Support the Risk & Compliance team to implement processes and controls to ensure the company’s compliance with other regulatory and industry mandates such as PCI-DSS, GDPR, and CCPA
  • Participate in identifying and validating key controls to address IT and business risks and work with various teams to address identified deficiencies
  • Participate in audits of third parties such as vendors, service providers, consulting organizations, etc.
  • Support third party audits of NMG’s IT or information security programs
  • Facilitate assessment and audits by internal and external auditors and assessors
  • Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to support the various security, compliance and audit requirements
  • Provide guidance and support to IT and business to ensure continued compliance with the various mandates
  • Endorse and support a compliance culture whereby employees are encouraged to seek clarifications and support for the company’s compliance initiatives
      

INTERNAL/EXTERNAL RELATIONSHIPS:

      

INTERNAL:

  • Interact daily with the Neiman Marcus Information Technology teams, the Managed Infrastructure Services provider (onshore and offshore), the IT Vendor Management Organization, IT Project Management Office, and various contracted IT resources. Meet frequently with various business units to assess and evaluate information security and compliance services. 
  • Must be able to build relationships with technology and business teams across the company. An outgoing personality is a MUST for this position.       
 

EXTERNAL:   

  • Interact routinely with assessors, auditors, service providers, consultants/advisors, law enforcement agencies and professional organizations.
     
 

COMPETENCIES:

  • Intimate understanding of Sarbanes-Oxley (SOX) compliance requirements and IT General Controls
  • Demonstrated experience in implementing and assessing SOX-related standards, guidelines, and other regulatory mandates
  • Experience in implementing and utilizing compliance frameworks such as COSO, COBIT, NIST, and ISO 27001
  • Thorough understanding of PCI-DSS, GDPR, and the California Consumer Privacy Act (CCPA)
  • Familiarity with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption and key management, logging and monitoring and application security
  • Familiarity with cloud-based environments and technologies with associated auditing methodologies
  • Excellent documentation and communication skills

 

QUALIFICATIONS

  • Bachelor's or Master's degree in a computer or information management field
  • Cybersecurity certifications such as CISSP, CISA, CRISC, or CISM are preferred
  • 5-7 years’ experience in an information security compliance, audit or risk management role with hands-on experience in a multitude of compliance initiatives including but not limited to:

 

    • SOX-40
    • PCI-DSS
    • COSO, CoBIT, ISO27001
    • NIST (CSF & RMF)
    • HIPAA
    • EU-GDPR, CCPA
    • SSAE-16 [SOC-1 and SOC-2]


  • Experience with developing and implementing automation for controls and compliance is preferred
  • Strong analytical and problem-solving skills with the ability to function as a change agent
  • Strong skills with intermediate to advanced level expertise with Excel and PowerPoint
  • Demonstrated experience in working in a high-paced, multi-tasking environment.
  • Understanding of security metrics and creation of effective dashboards for management review and consumption.

 

Los Angeles and San Francisco Applicants: Neiman Marcus will consider for employment qualified applicants with criminal history as required by applicable law.
If you have a disability under the Americans with Disabilities Act or similar law, and you need assistance in accessing our Career Center or wish to discuss potential accommodations related to applying for employment at our Company, please contact ApplicantSupport@NeimanMarcus.com.