Job Description:

The Compliance Analyst will be responsible for administering ThirdParty Risk Management aspects of the AMLRS Information Security Risk and Governance Policy and Procedure framework.

The Compliance Analyst will be responsible for helping identify and lead initiatives to ensure that the compliance activities throughout the organization are effective and in compliance with our SOC2 controls.

The Compliance Analyst will participate in meetings as well as document risk and control activities including capturing artifacts producing reports and metrics and generating recommendations to reduce risk

Primary Responsibilities

• Administer the global GRC Third Party/ vendor review program which includes risk rating new vendors approving level 1 and collaborating with Sr. Analyst for level 2 vendors. Annual reviews of existing material and highrisk vendors.

• Assist with performing analysis of software licensing to ensure compliance with IP rights working with Security and IT to remediate violations or bring into compliance.

• Assist in analysis of user access rights to ensure with ISO27001 and other industry standards of Least Privilege

• Create monthly reporting on the status and effectiveness of IT and Information Security metrics

• Perform GDPR/Data Privacy risk assessments and coordinate monitoring with other compliance and control functions results are shared with Leadership on quarterly steering call as well as line of business leadership.

• Partner with Information Technology and Information Security to remediate identified gaps

• Assist in assessing key controls covered in the SOC2 and ISO27001 audits periodically throughout the year

• Provide guidance to executives staff and employees on third party compliance policies procedures and requirements

• Participate in a multifaceted educational awareness and training program that focuses on the elements of the compliance program policies and procedures

• Assist with the of compliance related activities such as our Business Continuity/Disaster Recovery exercises risk matrix reviews incident response tabletops etc.

• Assist Sales in responding to Client Due Diligence requests

• Organize and maintain centralized repositories for relevant ThirdParty Risk and metrics documents

• Assisting in the assessment of technologyrelated compliance issues across the organization including information security identity management user access and data integrity.

• Ensure compliance with information security and privacy policies procedures and workflows that refer to privacy or security breach incidents

• Participate in developing and reviewing company policies

Required Qualifications

• Bachelors degree

• KYC knowledge or experience

• Reporting or data analysis experience

• Problem solving skills

• Technical Acumen; Aptitude in learning cloud security tools

• Attention to detail

• 2 years of related work experience

Preferred Qualifications

• Three or more years of related work experience

• Working Knowledge of a GRC Framework

• Working Knowledge of ISO27001

• Have specific knowledge of key law regulations guidance and industrystandard practices such as: GLBA GDPR/CCPA

AML RightSource is committed to fostering a diverse work environment and is proud to be an equal opportunity employer. We provide equal employment opportunities to all qualified applicants without regard to race color religion age sex national origin disability status genetics protected veteran status sexual orientation gender identity or expression or any other characteristic protected by federal state or local laws.

All the information concerning breaches of law during the recruitment process should be reported at Upon request you will be provided with Internal procedure for reporting and following up on breaches of law adopted by the Company based on the Whistleblower Protection Act.