Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks eighth in Forbes “World’s Best Employers”.
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
Compliance Analysts support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, protecting member privacy, and ensuring continued compliance. Compliance Analysts work closely with other teams to define and set corporate guidance in response to emerging standards and legislations by making certain that all policies and procedures are implemented and well documented, performing internal reviews, and identifying compliance problems that call for formal attention. Compliance Analysts speak both technical and business language interchangeably to effectively communicate and lead.
The IT Service Continuity Disaster Recovery Compliance Analyst is to support the overarching values and business goals of Costco Wholesale. This role is focused on business continuity, disaster recovery, and resiliency initiatives, and will provide consulting services to internal product and project teams, including vendors to review high availability solutions. The Compliance Analyst will perform services related to, but not limited to, Business Impact Analysis, Disaster Recovery Plans, and Tabletop Exercises, while aligning with Resiliency Team Members and Business Continuity Team Members to provide overarching continuity capabilities.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
● Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.
● Identifies problems, analyzes data, and presents findings in a professional manner, recommends mitigations either via new technology, alternative compensating controls, or policy modifications to improve overall security posture.
● Provides governance for the identification, validation, and remediation of information technology controls for any applicable regulatory compliance frameworks.
● Establishes and implements methodologies designed to identify general system and business controls, and identifies and prioritizes risks.
● Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
● Maintains a strong understanding and adherence of current and upcoming standards, regulations, and legislation.
● Stays current with new and evolving security topics and technologies via formal training and self-directed education.
● Innovative, creative, and works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency.
● Manages and communicates key compliance milestones for critical systems and complex processes.
● Establishes and meets deadlines to ensure adherence to rules and regulations.
● Assists and supports the organization with initial compliance with ongoing preparation, testing, and monitoring of conformance.
● Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.
● Audits information system activities and systems to confirm compliance and provides management with compliance assessments.
● Develops, manages, and executes plans to communicate and remediate all known material weaknesses or significant deficiencies, and minimize any findings noted by either internal or external auditors.
● Engages and collaborates with a variety of internal departments and external organizations, may include but not limited to legal firms, law enforcement agencies, and all other levels of government to ensure follow through and completion of compliance and mitigation activities.
● Identifies risks and evaluates findings while working with internal departments/business units to appropriately address the findings.
● Works with stakeholders (e.g., department managers, project managers, and systems administrators) at different levels in the organization to understand their respective resilience needs and assists with implementing practices and procedures consistent with Costco’s policies and standards.
● Conducts Business Impact Analysis, creates Business Continuity & Disaster Recovery Plans, conducts Tabletop Exercises, and develops failover solutions.
● Develops dependency mapping models representing capabilities and relationship with the respective applications in preparation for failover projects and the creation of runbooks and DR plans.
● Supports the development and maintenance of Disaster Recovery/Business Continuity policies, standards, and guidelines.
● Develops efficient and scalable processes, templates, and program metrics as required.
● Assists with auditing of information systems’ resilience capabilities and providing the appropriate reporting.
● Partners with other IT groups and Solution Architects to conduct service resilience and continuity risk assessments on new solutions and systems, ensuring they align with our Resilience Standards and Reference Architecture Requirements.
● Coordinates and facilitates failover testing and table top exercises, including post exercise gap assessments on existing systems to identify and/or recommend appropriate continuity countermeasures and best practices.
● Builds and fosters positive relationships with key IT and business partners.
● Practices strong leadership skills consistently and mentors others on resilience best practices.
● Leverages relevant data insights to report on the resilience health for both the program and individual IT teams.
● Helps support and maintain all disaster recovery related workstreams end to end.
REQUIRED
● 7+ years’ experience in Business Continuity and Disaster Recovery related roles.
● Active Certification from DRII, BCI or similar or the ability to obtain within the first 90 days of employment.
● Experience with business continuity concepts of recovery time and point objectives, and mean time to recovery.
● Experience supporting and building/implementing enhancements for an Enterprise-wide IT Disaster Recovery Program.
● Excellent verbal and written communication and presentation skills with the ability to influence at all levels of the organization (e.g. technical teams, leadership, and external vendors).
● Solid time management skills with the ability to plan, organize, and implement multiple initiatives and deadline-driven workloads while consistently providing outstanding customer service.
● Strong project management experience to work with stakeholders to identify and roadmap solutions that support their business requirements.
● Ability to help drive and make progress under ambiguous situations.
● Ability to interpret data and processes to identify potential compliance or risk issues.
● Ability to quickly understand and map complicated data flows in order to identify and validate requirements.
● Understanding of and experience working with agile and waterfall methodologies.
● Working knowledge of information systems’ security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
● Team player and willingness to establish a strong positive working relationship with all areas of the business.
● Innovative, creative, and extremely responsive with a strong sense of urgency.
● Ability to work effectively and independently.
● Familiarity in DevOps or DevSecOps.
Recommended
● Bachelor’s degree in computer science, information technology or related field or equivalent experience.
● One or more professional certifications: DRI, ISO 22301 or equivalent.
● Experience with short- and long-term storage design techniques.
● Experience with SaaS and PaaS high availability architectures.
● Knowledge of Cloud and datacenter redundant designs.
● Familiarity with governance and policy management best practices.
● Familiarity of SDM, SDLC, and project management processes.
● Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI.
● Experience in retail, supply chain, Ecommerce industries helpful.
Required Documents
● Cover Letter
● Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Pay Ranges:
Level 3 - $110,000 - $150,000
Level 4 - $140,000 - $185,000
We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com
If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.