Sr. IT Risk and Compliance Analyst
Since 1940, Dairy Queen® has been one of the world’s best known and loved brands. Based in Minneapolis, MN, International Dairy Queen Inc. (IDQ) is the parent company of American Dairy Queen Corporation. As a leading franchisor, there are more than 7,000 independently owned and operated restaurants in the U.S., Canada and more than 20 countries around the world. IDQ is a subsidiary of Berkshire Hathaway Inc. (Berkshire), which is led by Warren Buffett, the legendary investor and CEO of Berkshire.
Here at IDQ, we create extraordinary Fan experiences every day and we do this through our commitment to hiring and retaining only the best in class talent. We firmly believe that our employees are the catalyst to the success of the company where their initiative, strategic thinking, and entrepreneurial spirit are recognized and rewarded. We're looking for motivated, passionate and dedicated individuals with an inherent need and ambition to go after bigger challenges.
We have an exciting opportunity for a Sr. IT Risk & Compliance Analyst located at our corporate headquarters in Bloomington, MN. This role is responsible for leading efforts around Third Party & IT Risk management, Security audits/assessments, Pen tests and PCI Compliance. This role will coordinate with IT, business owners, and external auditors to assess and identify technology and operational risks related to internal and cloud technology solutions. It will provide reporting and guidance, and drive efforts to implement appropriate controls and remediation to address Third Party and IT cybersecurity risks. This role will also be responsible for review and oversight of Digital Fraud Management tools and partners.
Key Accountabilities Include:
Risk Management and Compliance
- Manage TPRM assessments and ongoing evaluation, monitoring and reporting on vendor risks by category.
- Manage/Administer IT GRC tools.
- Manage audit gaps: identify those within the organization responsible for remediating or closing audit findings, negotiate dates for closure, and track/report progress.
- Build out tracking and reporting for key IT compliance areas, e.g., Updates and Patching, Known Vulnerabilities, etc.
- Review and coordinate responses to Security related audits and assessments.
- Represent Information Technology Security on internal and external assessments and/or audits of information technology systems and processes, interpret results, and develop and communicate recommendations to the team and management.
- Collect and manage audit, risk, and assessment related artifacts.
- Understand technology controls that impact on premises and cloud technology, operational risk to the IT organization as well as related laws, regulations, and industry standards, specifically related to internal and cloud technology solutions.
- Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on premises as well as cloud hosted IT applications and infrastructure.
- Develop and recommend appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization for on premises as well as cloud hosted IT applications and infrastructure.
- Identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders.
- Lead risk remediation projects.
Digital Fraud Management
- Assess and recommend fraud prevention strategies and measures to safeguard DQ’s digital platforms and systems from potential fraud risks.
- Collaborate with appropriate teams and partners to ensure prompt response to potential fraud incidents.
- Collaborate with internal teams and external partners to develop and enhance fraud prevention tools, systems, and technologies. Stay updated on the latest fraud trends and emerging threats to continuously improve DQ’s fraud prevention capabilities.
- Collaborate closely with cross-functional teams, including IT, Finance, Marketing, Operations, and Legal, to ensure effective implementation of fraud prevention measures. Provide guidance and support regarding fraud-related issues.
- Prepare reports on fraud incidents, trends, and prevention measures.
- Maintain accurate documentation of investigations, findings, and actions taken for reference and audit purposes.
- Bachelor’s degree or equivalent work experience, with a technology emphasis.
- Experience with GRC and Third-Party Risk Management Tools, e.g., KCM, OneTrust.
- Flexibility in working on several processes or projects simultaneously to meet team goals and responsibilities.
- Ability to work with tools including Microsoft Office applications, specifically Word, Excel, and PowerPoint, Teams, SharePoint, ServiceNow.
- Experience with TPRM, IT internal audits, external audits, and/or control reporting and activities.
- Solid understanding of IT general controls and activities.
- Possess a general understanding of IT security technologies, including network, application and database security, access management and cloud security.
- Negotiation skills to obtain commitments to remediate risks and vulnerabilities from leadership of other teams.
- Consulting skills, client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.
- Excellent communication, listening, and facilitation skills.
- Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues, and obstacles.
- Strong understanding of PCI Compliance requirements.
- Relevant digital Fraud/Risk/Compliance experience in the Retail/Ecommerce/Online services industries.
- Understanding of fraud prevention techniques, tools, and methodologies.
- Familiarity with digital payment systems, e-commerce platforms, and mobile applications.
- Knowledge of fraud trends, tactics, and emerging threats in the digital space.
- Attention to detail and a commitment to maintaining the highest standards of security and integrity.
- Certifications: CISSP, GCIH, GIAC, Security+ a plus.
All your information will be kept confidential according to EEO guidelines.
Our benefit package supports the well-being of our employees and their families. Our comprehensive benefit package includes medical, dental, 401K match, paid time off (including volunteer time as well as parental leave) and so much more! To learn more about our great benefit offerings, click here.
Most positions located out of our global headquarters in Bloomington, MN will work a hybrid work schedule where you will work 2 collaboration days a week. Additional in office time may be required to support team/project needs. Positions will be identified as “remote eligible” when consideration will be given to candidates outside of drivable distance to our Bloomington office.
Our Commitment to Diversity, Equity and Inclusion
We are committed to creating a culture of diversity, equity and inclusion for all who touch DQ. We believe in and commit to fostering a community where employees bring their authentic selves to work; where we recruit, engage and retain employees, franchise owners and suppliers with diverse backgrounds and identities; and where everyone feels welcome engaging with our DQ brand.
IDQ is an Equal Opportunity Employer that values the strength diversity brings to the workplace. IDQ participates in the US E-Verify program. You must be work authorized in the United States without the need for employer sponsorship.
Required degree level
- Bachelor Degree