What are the responsibilities and job description for the Compliance Analyst position at Five Rivers IT, Inc.?
Position Name: Compliance Analyst
Location: Rochelle Park, NJ
Job Description:
• Lead the planning, scoping, execution and documentation of audits primarily in areas associated with technology and technology-related risks.
• Act as a liaison between Auditors and Engineering/IT by coordinating requests for information and coordinating responses to any observations.
• Maintain proactive ongoing compliance by utilizing a compliance tool to perform periodic security tasks and checks.
• Research new security compliance requirements and assist in evaluating compliance control requirements.
• Support and monitor remediation efforts of audit findings and validate the closure by reviewing relevant evidence.
• Write detailed findings, remediation plans, and other supporting documentation
• Provide actionable, technical advice to engineers to enhance security control design & effectiveness (including for cloud environments)
• Develop a close partnership with engineering control owners to educate them on compliance requirements and develop risk-appropriate control implementation solutions.
• Take responsibility for incident management and be readily available to: document incidents, ensure risk analysis and severity, manage containment, lead the investigation, ensure the proper notification protocol, conduct and document lessons learned, and report on findings and then communicate them to the client.
Required Experience
• Bachelor's in Computer Science, Computer Engineering, Information Systems or related field or equivalent work experience
• Up to 2 years of experience managing Information Security audits (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA)
• Experience implementing security techniques, practices, and controls that can be applied to address risks
• Experience operating as part of an information security program in alignment with common information technology management frameworks such as ISO 27001, NIST, CIS, ITIL, COBIT, etc.
• Strong written and verbal communication skills
• Strong program management skills
• Experience working closely with auditors and/or external regulators
• Experience managing security tools
Other Details about the Job
- This is a Full-Time position.
- All standard benefits are included such as medical/dental/vision insurance and vacation time.
- Salary will be based on experience. Applications lacking the expected salary will not be considered.
- You will be placed at our Rochelle Park, NJ office. This position is in office 5 days a week. Please do not apply if you are not local or are not willing to relocate.