What are the responsibilities and job description for the IT Security Compliance Analyst position at Darden RSC?
JOB OVERVIEW:
The IT Security Compliance Analyst works under the direction of the Sr GRC Team Leader in observing the organization's Risk Management, Vulnerability Management, Third-Party Risk Management, and our Security Education/Awareness programs along with the annual PCI compliance program. This role ensures that adequate and effective security processes, controls, and protocols are followed and aligned to ensure compliance with security policies, industry best practices, and regulatory requirements.
As part of the Third-Party Risk Management responsibilities, you will be responsible for leading the efforts to collect and organize written responses and documentation, leading calls and meetings to gather information from vendors while ensuring that all follow-up communications and remediation activities are completed on time.
ROLES AND RESPONSIBILITIES:
- Works as a team member in the Information Technology Department focusing on Governance-Risk-Compliance processes and initiatives, acting as a central point of contact while collaborating with other organizational units in these matters.
- Supports the Darden cybersecurity compliance program, ensuring that the identification, tracking, prioritization, and remediation of all internal and external threats/vulnerabilities are addressed effectively. Schedules and performs vulnerability tests and develops strategies to mitigate any weaknesses discovered.
- Supports Internal Audit activities and remediation requirements related to Darden's ITGCs as well as other related SOX compliance activities.
- Ensures adequate and effective IT controls exist to meet applicable current and future security compliance requirements mandated by relevant laws, regulations, and frameworks such as SOC Attestations (SOC2 Type2 and SOC1), PCI-DSS (Payment Card Industry Data Security Standards), and HIPAA as well as state and federal privacy laws.
- Supports and updates a centralized repository of security controls aligned with Darden's business objectives.
- Coordinates selected tests of information security measures, including targeted penetration tests, vulnerability scans, IT Risk Assessments, and other configurable controls reviews.
- Coordinates the information security compliance efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide information security compliance efforts are consistent with industry best practices.
- Understands the fundamental business activities performed by Darden and seeks opportunities to align processes and activities to the organization's stated objectives.
- Assists with the implementation of company-wide Security Awareness and Education Programs that are aligned with cybersecurity policies, standards, regulatory requirements, and industry best practices.
- Assists with vulnerability management reporting including patch management tracking and software code analysis reports.
- Assists with identity management reviews from automated and manual systems.
- Leads Darden's vendor audit process, including cloud service providers, engaging in a risk-based approach to determine the depth of each audit, leading the audit, and providing recommendations to management based on the results.
- Works with third parties and consultants as needed for independent security audits or TPRM reviews.
REQUIRED TECHNICAL SKILLS:
- Minimum of 3 years of experience in an IT role focusing on Governance-Risk-Compliance, information security, and IT compliance.
- CISA, ISC2 CC, or CISSP certification preferred.
- Relevant Project Management certification is preferred
REQUIRED EDUCATION:
- Bachelor's Degree in Computer Science, Information Technology, or related field of study
OTHER KEY QUALIFICATIONS:
- Strong familiarity with PCI-DSS (version 3.2.1 and 4.0), Third-Party Risk Management practices, Vulnerability Management tools, and IT General Controls.
- Ability to maintain accurate and detailed notes regarding compliance issues.
- Ability to work efficiently with multiple compliance frameworks.
- Ability to deliver projects, tasks, and activities in a timely manner and within budget.
- Ability to establish and maintain strong working relationships with business partners across the enterprise.
- Strong interpersonal skills and ability to influence others.
- Excellent relationship-building skills and cultural awareness, along with the ability to work effectively in a matrixed environment.
- Capable of delivering results through a position of influence.
- Ability to maintain industry relationships and look to all sources available to develop the best technology strategies.
- Ability to multi-task in a fast-paced environment.
- Ability to work independently and manage multiple priorities simultaneously.
PREFERRED SKILLS AND EXPERIENCE:
- Working experience with GRC tools such as Archer, AuditBoard, or OneTrust GRC, including but not limited to the following modules: Third-Party Risk Management, Technology Risk Management, and Policy Management, is strongly preferred.
- Three years of experience applying Project Management skills.