Lead IT Compliance Analyst

Role
The Information Security Team is looking for a Lead IT Compliance Analyst to join the IT Compliance Team. The Lead IT Compliance Analyst will help support Morningstar Information Security's compliance responsibilities around regulatory compliance and PCI DSS. This individual will help Morningstar meet current and future compliance obligations, assist in identifying and following up on information security findings, gather evidence required for internal and external regulatory audits. This position is based in our Toronto office. We follow a hybrid policy of at least 4 days onsite.
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
Responsibilities

• Lead the Information Security Team's efforts in the field of regulatory compliance and serve as the internal Subject Matter Expert (SME) for regulatory compliance assessments.

• Oversee and guide efforts to ensure the information security program's compliance with regulatory standards and guidelines issued by the SEC, ESMA, and other applicable regulators.

• Serve as the main point of contact for information security regulatory compliance, facilitating communication between compliance teams and other internal stakeholders.

• Collaborate with relevant teams to remediate gaps and deficiencies identified during regulatory gap assessments or audits.

• Communicate compliance program results, including assessment status, workflow, remediation, and reporting, to a broad audience including peers, seniors, and leaders.

• Lead PCI DSS compliance efforts, ensuring that all relevant systems and processes meet or exceed the required standards.

• Collaborate with cross-functional teams to identify, implement, and monitor controls to maintain PCI DSS compliance.

• Lead the internal control assessments run by the team, including conducting assessments, identifying efficiency improvements, and proposing enhancements to strengthen the internal control monitoring program.

Requirements

• A bachelor's degree and 5+ years' experience in an IT Compliance position.

• Experience conducting PCI-DSS assessments.

• Ability to conduct internal regulatory audit readiness assessments.

• Familiarity with regulatory frameworks and guidelines issued by SEC and ESMA.

• Strong interpersonal skills to interact with compliance personnel, senior leadership, and other team members.

• Excellent oral and written communication skills.

• Strong organizational skills to prioritize work and balance multiple projects.

• Ability to work independently and as part of a broader team.

Nice To Have

• Experience working in a legal or regulatory compliance role.

Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity