As one of the fastest-growing and most exciting brands in the industry, Crash Champions is the largest founder-led multi-shop operator (MSO) of high-quality collision repair service in the U.S. The company, which also operates the growing Crash Champions LUXE | EV Certified brand of highline and luxury EV repair centers, services customers at more than 650 state-of-the-art locations in 38 states across the U.S. Crash Champions was founded in 1999 as a single Chicago repair center by industry veteran and 2023 EY Entrepreneur of the Year Midwest award winner Matt Ebert. For more than 25 years, our vision has been anchored by the belief that delivering superior collision repair service is about People First. Welcome to Crash Champions. We Champion People. 

JOB PURPOSE: The Compliance Analyst is a crucial role responsible for supporting Crash Champions compliance direction and enhancing its compliance posture. This position involves planning and designing policies, understanding both legacy and new technologies, and ensuring adherence to various regulations and certifications like SOC2, NIST, SOX, GDPR, and PCI DSS. The ideal candidate should have at least five years of experience in compliance, risk management, or security and work closely with leadership to assess and validate the compliance program, while also serving as a primary contact for auditors.

ESSENTIAL DUTIES AND RESPONSIBLITIES:

• Conduct enterprise-wide, ongoing risk analysis in tandem with compliance initiatives.
• Maintain oversight in a GRC-related platform.
• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
• Analyze findings, and document, recommend and report program gaps to security leadership.
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security leadership.
• Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
• Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
• Work in tandem with security, audit, and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
• Attend and perform Change Advisory Board (CAB) as “CAB Manager”
• Liaison with auditors, both internal and external, to maintain and implement controls for compliance and contractual requirements.
• Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance, and privacy laws.
• Perform other duties as assigned.

QUALIFICATIONS:

• At least 5 years’ experience in cybersecurity as a practitioner or IT Auditor, and with at least 2 to 3+ years exposure with various security frameworks.
• Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
• Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, NIST, and GDPR. Additional experience in one or more of the following: ISO 27001/2, ITIL or SOC2.
• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
• Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps and application security is required.
• Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Prior team leadership experience preferred.
• Preferred experience with cloud environments such Amazon Web Services (AWS) and Microsoft Azure.
• Prior experience with GRC systems.
• Demonstrated problem-solving capabilities, and ability to manage complex security requirements.
• Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.
• Successful track record of managing external entities’ contracts and relationships, and mitigating risks to business development opportunities.
• Highly trustworthy; leads by example.

This job description is intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills. You may be asked by your supervisor or managers to perform other duties.  Your performance will be evaluated in part based upon your performance of the job duties listed in this job description, as well as any job duties not specifically listed above that you may be asked from time to time to perform. The Company has the right to revise this job description at any time.

Crash Champions is an equal opportunity employer committed to workplace diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, protected veterans’ status, status as a disabled individual or any other protected group status or non-job characteristic as directed by law.

The Company offers the following benefits for this position, subject to applicable eligibility requirements and annual updates:

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Group Life Insurance
• Disability Insurance
• 401k Retirement Plan with match
• Referral Bonus (“Cash From Crash”)
• 5 Paid Holidays

We are committed to providing competitive compensation for this role. The actual offer will be based on various factors, including but not limited to: job related knowledge, skills, experience, relevant certifications and qualifications.