Information Security Compliance Analyst III

Holman is a family-owned, global automotive services organization anchored by our deeply rooted core values and principles that have enabled us to continue Driving What’s Right throughout the last century. Our teams deliver the Holman Experience by treating our customers and each other as we would like to be treated, and creating positive, rewarding relationships all around.

The automotive markets Holman serves include fleet management and leasing; vehicle fabrication and upfitting; component manufacturing and productivity solutions; powertrain distribution and logistics services; commercial and personal insurance and risk management; and retail automotive sales as one of the largest privately owned dealership groups in the United States.

Holman – a Computerworld 2024 “Best Places to Work in IT” company - is hiring a Information Security Compliance Analyst III

Responsibilities:

• Serves as a lead internal consultant by working directly with technology and the business to ensure security and compliance needs are factored into processes, projects, services and applications.
• Advises management on best practices, current trends, and pertinent changes in internal/external threats and opportunities in a timely and anticipatory manner.
• Presents action plans for implementation/approval.
• Leads the development and implementation of new policies and procedures to meet data security, client organization and compliance needs.
• Provides security communication, awareness and training for audiences, which may range from senior leaders, project teams, business representatives and technical staff.
• Establishes, monitors and tests controls supporting audit readiness.
• Works directly with Control Owners to create, adjust and maintain effective and efficient practices.
• Leads preparation and delivery of evidence and facilitates walkthroughs for audits.
• Performs programmatic third party assessment and review: identifying, communicating, monitoring and escalating matters of concern
• Design, implementation and maintenance or effective information security controls
• Evaluating and reporting the proper design and effectiveness of controls.
• Evaluating and reporting on information security risks
• Satisfying auditor, client and customer requirements for information security
• Third party vendor assessment and risk management
• Producing security requirements and control recommendations for projects and implementations
• Identifies, classifies, tracks, communicates, and mitigates exposures and potential exposures.
• Utilizes threat modeling to project and communicate potential exposures and justify control implementations.
• May lead investigation and response for data security, compliance or privacy incidents.
• Monitors compliance with information standards, policy and other relevant information security requirements, performs risk ranking and reports on non-conformities.
• Works with clients and internal teams to address client assurance needs.
• May perform client and vendor contract language reviews.
• Supports the development and success of other team members.
• Mentors junior team members.
• Perform all other duties and special projects as assigned.

Relevant Work Experience:

• 6 – 8 years’ experience in Information Security, IT Compliance & Risk Management.
• Substantial experience with Iaas, PaaS, SaaS and traditional infrastructure and application security controls. This includes both designing and assessing security controls.
• Expertise and experience with applied common information security management frameworks, standards and assurance practices, such as ISO 27001 & 27002, NIST, COBIT, SOC reporting, PCI and ITIL.
• Expertise and experience with assessing, evaluating, mitigating and reporting on data security and compliance risk.
• Firm understanding of new and emerging privacy standards, principles and associated practices.
• Extensive experience in developing and documenting security controls, data security risks, architectures and data lifecycles.

Education and/or Training:

• Bachelor’s degree in Computer Sciences, Information Systems or another related field.
• Holds professional certifications such as CISSP/CRISC/GIAC/CISA/CISM.
• A motivated self-starter that is able to contribute to work independently or in a collaborative, cross functional team environment.
• Ability to develop strong relationships at all levels of the company.
• Possesses general project management skills. Able to run demanding projects while managing expectations and delivery with minimal supervision.
• Strong technical knowledge including networking, system, SDLC, general computing controls and cloud security controls.
• Leadership and time management skills.
• Strong knowledge of industry directions and trends.
• Strong analytical skills and the ability to evaluate business aspects and application of existing and future technologies.
• Strong knowledge of applicable legal and regulatory requirements, including, but not limited to, Payment Card Industry (PCI), GDPR, CCPA, GLBA, NYDFS etc..
• Very strong verbal and written communication skills.
• Ability to communicate security and compliance issues to both technical and non-technical audiences required.
• Ability to understand conflicting perspectives and consistently apply sound judgment is highly important.

#LI-REMOTE #LI-JT1

At Holman, we exist to provide rewarding careers and better lives for employees and their families. We hire, train, empower, and reward exceptional people. Our journey is guided by our desire to get it right every time and the acknowledgement that we have an opportunity to be better. To be better, we have to do better, and to do better we must know better. That’s why we are listening, open to learning new things – about ourselves and each other. We will never stop striving for improved diversity, equity, and inclusion because we are successful together when we feel trusted and supported. It’s The Holman Way.

At Holman, your total compensation goes beyond your paycheck. To position you for success and provide a rewarding career and better life for you and your family, Holman is proud to offer you the benefits you deserve; including protection against illness, disability, loss of work, or preparation for retirement. Below is a brief overview of the programs available to full-time employees (programs may vary by country or worker type):

• Health Insurance
• Vision Insurance
• Dental Insurance
• Life and Disability Insurance
• Flexible Spending and Health Savings Accounts
• Employee Assistance Program
• 401(k) plan with Company Match
• Paid Time Off (PTO)
• Paid Holidays, Bereavement, and Jury Duty
• Paid Pregnancy/Parental leave
• Paid Military Leave
• Tuition Reimbursement

Benefits:

Regular Full-Time

We offer excellent benefits including health, vision, dental, life and disability insurance, and 401(k) with company match. Our time off benefits include Paid Time Off (PTO), paid holidays, bereavement, and jury duty. In addition, we offer paid pregnancy and parental leave, and supplemental paid military leave to eligible employees.

Click here for Washington State benefit information.

Temporary or Part-Time

In geographic areas with statutory paid sick leave, part-time and temporary employees will receive a paid sick leave benefit that meets the mandated requirements.

Click here for Washington State benefit information.

Pay:

We offer competitive wages that are commensurate with job-related skills, experience, relevant education or training, and geographic location, starting in the range of $97,450.00 - $141,300.00 USD annually for full time employees. The annual compensation range is comprised of base pay earnings.

Equal Opportunity Employment and Accommodations:

Holman provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

If you are a person with a disability needing assistance with the application process, please contact HR@Holman.com

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.