Audit and Compliance Specialist

ATPCO is the foundation of flight shopping, providing pricing and retailing data, tools, and services to 500+ airlines, global distribution systems, sales channels, and technology companies. In addition, ATPCO links the entire airline community together, collaborating to develop industry standards for airline distribution and end-to-end technology solutions. As a result, ATPCO solutions work seamlessly across existing, new, and evolving technologies and methods from shopping to settlement. Airline-owned and reliably supporting air travel for more than 55 years, ATPCO is everywhere people buy flights.

We consider qualified applicants for employment without regard to race, gender, age, color, religion, national origin, citizenship status, marital status, disability, sexual orientation, protected military/veteran status, gender identity or expression, genetic information, marital status, medical condition, or any other legally protected factor.

ATPCO is seeking a highly skilled and detail-oriented Audit and Compliance Specialist to ensure ongoing compliance with Legal and Regulatory Frameworks such as PCI-DSS, ISO 27001, and ISO 27701 standards, General Data Protection Regulation (GDPR), Data Privacy Framework (DPF), Internal Compliance Audits, and other Legal and Regulatory frameworks. The ideal candidate will have a strong background in audit preparation, working closely with auditors, collaborating with various teams to remediate audit findings, and supporting Third-Party Risk Management activities

Key Responsibilities:

1. Ensuring Ongoing Compliance:

• Continuously monitor and stay updated with changes in PCI-DSS, ISO 27001, and ISO 27701 standards.
• Ensure all policies, procedures, and practices comply with regulatory and organizational requirements.
• Conduct regular internal audits and risk assessments to identify areas of non-compliance.
• Develop and implement corrective action plans to address any identified gaps.

1. Audit Preparation:

• Maintain comprehensive and accurate documentation of all compliance-related activities, policies, and procedures.
• Ensure all records are readily available for audit purposes.
• Coordinate with various departments to gather necessary documentation and evidence for audits.
• Conduct pre-audit reviews to ensure readiness and compliance.

1. Audit Support:

• Serve as the primary point of contact for external auditors.
• Facilitate communication between auditors and internal teams.  
• Provide auditors with required documentation, explanations, and evidence.
• Address any questions or concerns raised by auditors promptly and accurately.
• Review audit findings and collaborate with relevant teams to develop and implement remediation plans.
• Track and document the progress of remediation efforts resulting from audit findings to ensure timely resolution.
• Identify opportunities for process improvements to enhance compliance and reduce the risk of future findings.
• Implement best practices and lessons learned from previous audits.

1. Third-Party Risk Management and ATPCO Security Assessments:

• Conduct risk assessments and due diligence on third-party vendors to ensure they meet ATPCO's security and compliance standards.
• Maintain a database of third-party risk assessments and ensure regular updates and reviews.
• Collaborate with the procurement and legal teams to ensure that all third-party contracts include necessary compliance and security requirements.
• Monitor third-party compliance with agreed-upon security and compliance standards.
• Facilitate RFP processes and address customer security self-assessment questionnaires regarding ATPCO’s information security controls.
• Document and report on third-party incidents and their impact on ATPCO’s compliance posture.

1. Training and Awareness:

• Develop and deliver training programs to ensure staff are aware of compliance requirements and best practices.
• Promote a culture of compliance within the organization through ongoing awareness training campaign.

Qualifications:

• Bachelor’s degree in Information Security, Compliance, or a related field.
• Professional certifications such as CISA, CISM, CISSP, or equivalent are highly desirable.
• Extensive knowledge of PCI-DSS, ISO 27001, and ISO 27701 standards.
• Proven experience in audit preparation, conducting internal audits, working with external auditors, and third-party risk management.
• Strong analytical, problem-solving, and communication skills.
• Ability to work collaboratively with cross-functional teams.
• Detail-oriented with a high level of integrity and accountability.

Benefits:

• Competitive salary and benefits package.
• Opportunities for professional growth and development.
• Collaborative and dynamic work environment.
• Promote a culture of compliance and ethical behavior within the organization through ongoing awareness campaigns.

Salary Range:  USD $119,000 to $125,000

*The disclosed range estimate has not been adjusted for applicable geographic differential associated with the location*

All your information will be kept confidential according to EEO guidelines.