Title:  IT Risk & Compliance Analytics Analyst Sr

About Us:

Stericycle is a U.S. based business-to-business services company and leading provider of compliance-based solutions that protects people and brands, promotes health and well-being, and safeguards the environment. Since our founding over 30 years ago, we have grown from a small start-up in medical waste management into a leader across a range of increasingly complex and highly regulated arenas, serving healthcare organizations and commercial businesses of every size. Every day, we help our customers solve complex challenges by safely managing materials that could otherwise spread disease, contaminate the environment, or compromise one’s identity.

Join us on our mission to protect health and well-being in a safe, responsible, and sustainable way.
 

Position Purpose:

The IT Risk & Compliance Analytics Analyst Senior will be responsible for end-to-end execution of the centralized User Entitlement Review (UER) process using homegrown tools built in Outsystems and Alteryx.  This position will report to the Manager, IT Risk & Compliance and work with multiple levels of management within the organization to ensure that user access in compliance with the access management policy.  This role will be responsible for identifying the compliance gaps and assist in remediation.

Key Job Activities:

• Execute the end-to-end centralized User Entitlement Reviews for organization, which includes the UER data preparation, ETL (Extract, Transform, Load) in UER data tools (Alteryx), monitoring of reviews while in process, perform post-access removal validation activities, and risk assessment of access removals for many applications across the organization.
• Support the development, testing, and implementation of necessary UER tool updates to ensure completeness and accuracy of user access.
• Collaborate with cross-functional teams to gather and understand business requirements for implementing applications within UER tools, including understanding access provisioning processes and technical architecture for security across various applications.
• Apply analytical and critical thinking skills to identify potential risks, weaknesses, and compliance issues, and risk assessment processes in user access controls. Track and remediate access compliance issues in a timely manner. Proactively address issues that may result in the UER data being inaccurate.
• Apply technical knowledge to map and execute ETL processes in the user access review workflow.
• Maintain standard operating procedures, documentation of vocabulary and best practices to optimize the user access review process.
• Lead troubleshooting activities and data tracing to ensure data transformation integrity when questions arise.
• Utilize data analysis techniques, including SQL queries, to assist in reviewing access data for accuracy and completeness.
• Contribute to maintaining compliance with relevant auditing standards throughout the user access review process.
• Communicate with various internal stakeholders and external auditors to explain how the UER process works both technically and functionally.
• Other: Occasional travel may be required for training and support functions.  In the office 3 days a week, with ad-hoc flexibility as needed.

Experience (North America):

• Bachelor's degree in Business Analytics, Information Systems, or a related field.
• Basic understanding of auditing standards and their application to user access reviews.
• 5+ years of experience in a fast-paced professional role.
• Previous audit, controls, process and/or IT audit is preferred, not required.
• Licenses and Required Competencies
• Strong ability to analyze business requirements and translate them into practical review strategies and quantitative analytics.
• Detail-oriented mindset with an ability to spot patterns, anomalies, and potential risks.
• Solid problem-solving and critical-thinking skills and demonstrates the ability to be a self-starter who can utilize their strong problem-solving skills to generate creative solutions to complex issues.
• Strong ability in combining technical knowledge with business understanding.
• Strong commitment to maintaining ethical standards and confidentiality.
• Familiarity with troubleshooting activities and data tracing techniques.
• Strong communication and written skills – Demonstrates the ability to present ideas and information in a clear, concise, organized, and diplomatic manner; listen to others to respond effectively to ideas and questions.
• Deals openly and honestly with people in all levels of the organization while building credibility and maintaining trust.  Exhibits empathy and sensitivity for the needs of others.  Is perceived by others as being helpful and supportive.  
• Demonstrate the ability to deal with changing priorities and multi-task several projects with the ability to succeed well under pressure, grasp new ideas quickly.  Possess an “all in” attitude and embrace the ability to be part of a High-Performance team, focusing on adapting and overcoming obstacles.    
• Demonstrate the ability to generate new ideas; recognize the need for and develop new approaches to problem resolution.
• Demonstrate the ability to efficiently manage own time, activities and resources.  Identify specific activities required to accomplish objectives and take action to achieve desired results; prioritize complex multiple activities and projects. 
• Technical Skills: 
• Familiarity with data modeling and data mapping techniques
• Proficiency in data analysis using SQL queries, basic data types, and joins.
• Familiarity with Alteryx or a similar ETL tool.
• Familiarity with SQL, database management, data transformation, and data completeness concepts.
• Familiarity with data transformation techniques and data visualization tools.
• Basic knowledge of database vocabulary and its relevance to user access review processes.
• Intermediate to advanced level skills using Microsoft office products including Word, PowerPoint, and Excel.
• Intermediate to advanced skills in Excel using functions such as VLOOKUP, INDEX-MATCH, and SUMIFS for data manipulation and analysis.
• Other (i.e., travel, etc. that is not covered above): Occasional travel may be required for training and support functions.  In the office 3 days a week, with ad-hoc flexibility as needed.

Benefits:

Stericycle currently offers its employees the option to participate in a full range of benefits, including a health care program which includes medical, dental, vision and prescription coverage, healthcare and dependent care flexible spending accounts, life and accidental death and dismemberment insurance, an employee assistance program, tuition reimbursement, paid vacation and sick time, a 401(k) plan, and an employee stock purchase plan. Participation in some programs requires that employees be regularly scheduled to work a minimum number of hours and/or to have fulfilled a waiting period after they begin employment with Stericycle.

Our Promise:

Stericycle is committed to attracting and retaining a diverse workforce, and to valuing unique perspectives and identities. We foster a culture of belonging that encourages, supports, and celebrates the diverse voices of our team members. It fuels our innovation and strengthens our connection to our customers and the communities we serve. We are proud to be an equal opportunity employer. All employment is decided on the basis of qualifications, merit, and business need.  

Disclaimer:

The above description is meant to provide a summary of the nature and level of work being performed; it should not be construed as an exhaustive list of all responsibilities, duties and requirements of the job.  This document does not create an employment contract, implied or otherwise, and it does not constitute any right or guarantee of employment condition. This position is open to people with disabilities.  Stericycle will consider requests for workplace accommodations for protected physical or mental limitations in accordance with its human resources and risks prevention policies and local laws.  To the extent permissible under local law, and consistent with business necessity, Stericycle reserves the right to modify the content formally or informally, either verbally or in writing, at any time with or without advance notice.