The Riot Legal team has the responsibility to always provide the highest quality legal services that fully align with Riot's company mission of putting players first. Figuring out what's "best for the company" always begins with thinking about what's "best for players." Every policy or contract that we draft, every lawsuit that we file or defend against, every letter we send, and all the legal advice that we give to our partners must always be done with our players' interests in mind.
As a Compliance Analyst reporting to the Manager of Compliance in Korea, you will help promote compliance within our collection of products and services as you work with numerous groups across Riot from Information Security, Legal, Enterprise (Finance and People) and Production Teams (Product, Engineering, and Design) to help identify potential compliance risks and advise how to avoid or address them.
The overall purpose of the function is to help grow the Compliance program and provide guidance to business units on various regulatory and compliance matters, audit support, risk management, controls governance, education, and awareness. The Compliance Analyst will also be able to develop efficient strategies and tactics while analyzing, documenting and monitoring risk and compliance posture across our existing program. This role will function out of our Seoul office in the Republic of Korea.
Assess Riot’s state of compliance with applicable regulations and lead or participate in the assessment of action plans to remedy deficiencies.
Assist with external inquiries or audits while having the ability to perform or lead internal audits as required.
Assist with the Enterprise Risk Management programs and conduct the risk assessments as required.
Review internal and external policies on compliance standards and recommend changes if necessary.
Develop and execute new compliance policies, procedures, and documentation as required.
Understand and maintain a working knowledge of essential global laws, regulatory requirements, industry standards, security and privacy controls frameworks such as ISMS-P, COBIT, COSO, GDPR, PCI, NIST, ISO, CIS, etc.
Research these different laws, rules, and regulations by reviewing regulatory bulletins, cybersecurity articles, federal updates, news briefs, and other sources of information, and determine how they may apply to Riot.
Help develop and conduct compliance training and awareness programs to inform Rioters of the organization's regulations, policies, and adherence to global laws.
Work hands-on with cross-functional teams in legal, engineering, finance, and operations, partnering with product managers, engineers, data analysts, and operations analysts to assess processes, risks, and controls while problem solving to create solutions across multiple technologies and platforms.
Assist with the collection and analysis of relevant metrics across the organization to identify key risks and trends to evaluate and improve compliance program effectiveness.
Minimum of 5-7+ years of experience in Compliance, Legal, Audit, Information Security and/or Information Technology field or other similar risk consulting or internal controls function.
Experience with Enterprise, IT / Technology environments, Information Security, Privacy, and threat and vulnerability management.
Strong technical, analytical and quantitative skills with the ability to use data and metrics to test assumptions, recommendations and drive decision-making.
Strong understanding of testing IT general controls and developing audit methodology.
Ability to transform abstract regulatory requirements into cohesive compliance actions.
Dynamic and resilient individual with the demonstrated ability to make decisions and to influence, persuade, and build consensus in a fast-paced environment.
Highly developed written and oral communication skills with the ability to inspire and influence employees at every level to embrace risk and compliance initiatives.
Exceptional ability to formulate compliance policies, procedures, and related documentation.
Effective written and oral communication skills in both English and Korean.
Bachelor’s or advanced degree in Information Technology, Law, Accounting, Finance, or a related field.
Previous experience in international accounting and advisory firms focusing on audit, cybersecurity, privacy, enterprise risk management, and advisory services.
Previous compliance experience focusing on auditing and security assessments on Fortune 500 companies in the media, games, technology, or entertainment industry.
CISA, CRISC, CIA, CISSP or other related certifications.
Prior experience working on regulatory compliance initiatives such as PCI-DSS, SOX, SSAE 18, Privacy or HIPAA.
Experience with Governance, Risk & Compliance (GRC) platforms.