Compliance & Controls Analyst

The Brief

Working in the Information Security team, the Compliance & Controls Analyst will assess, monitor and improve compliance and reporting for security and privacy requirements for Skype, Skype for Business and Microsoft Teams.

They will report on non-compliance and weak controls, assessing related risks, proposing solutions and tracking completion status.

Occasional travel to other sites.


Key Responsibilities

• Program manage Skype’s certification efforts for PCI DSS, SOX and other relevant legal and regulatory schemes

• Conduct reviews of Skype’s internal infrastructure and services to ensure compliance with security, privacy, geopolitical and accessibility policies and procedures

• Make recommendations to close compliance gaps, ensuring solutions are sustainable and measurable

• Project manage division-wide tracking and reporting on audit readiness and compliance status, including tracking identified compliance gaps and developing progress reports, relevant metrics and dashboards

• Work with internal and external auditors. Participate in audit and compliance activities.

• Develop and update compliance procedure and guidance documentation

• Perform compliance Risk Assessments

• Drive project work to address cross-business compliance gaps

• Develop and deliver awareness materials, presentations, and training sessions to proactively support efforts to improve understanding of compliance requirements within Skype

Pre-requisite Knowledge, Skills and Experience

• Experience in interpretation and application of a broad range of regulatory imperatives and industry compliance frameworks including PCI DSS, SOX, ISO27K, GDPR

• Experience in scoping, planning and evaluating the operational effectiveness of security controls and related audit processes

• Experience in identification of security and privacy compliance gaps and facilitation of subsequent remediation activities

• Knowledge and practical experience of conducting security risk assessments

• Familiarity with privacy requirements for collection and use of customer data.

• High level of initiative, creativity and motivation and the ability to work independently.

• Analytical and resolution skills

• Advanced verbal and written communication skills, ideally technical writing ability. Attention to detail. Accuracy.

• Strong presentation skills

• Influencing skills

• Project management skills, effective time management and ability to prioritise

Desirable functional / technical skills

• Experience of information systems auditing

• MSc Information Security

• CISA (Certified Information Systems Auditor), ISACA

• CISSP (Certified Information Systems Security Professional), ISC2

• CIPP/IT (Certified Information Privacy Professional)

Job #



Estonia, Tallinn

Job families

Program management (engineering)

Products and technologies



Applications and services