What are the responsibilities and job description for the Information Security Compliance Analyst position at Steel Patriot Partners?
About Steel Patriot Partners:
Steel Patriot Partners is your cybersecurity compliance, governance, and security operations ally. Our team of experts comprehensively analyzes programs, creates a tailored strategic plan to achieve goals, and then implements it. We use clear language and industry best practices to improve an organization's cybersecurity and compliance maturity. With our personalized approach, our clients can rest assured that they're receiving the best possible service to achieve cybersecurity and compliance objectives.
Position: Information Security Compliance Analyst
Job description:
Candidates must be in the Knoxville, TN area. As an Information Security Compliance Analyst, you will partner with internal and customer compliance, audit, security, governance, risk, and HR teams to ensure compliance with various regulatory and policy requirements. The successful candidate will have experience across multiple compliance domains with expertise in audit process/procedure, risk analysis and mitigation, control testing, and continuous improvement and remediation initiatives. The team evaluates customer environments against customer compliance requirements and develops a compliance program aligned to those requirements. The team also focuses on validating that processes are working end-to-end, identifying risk areas and deficiency/issue treatment and mitigation, and participating in projects to understand and determine potential impact to regulatory compliance components. This role will then identify areas of improvement and non-compliance, which may result in process changes and/or advisory requests. This position is located in Reston, VA. Due to the business services of the organization's customers, applicants must be US citizens.
Schedule:
8 am to 5 pm ET (M-F)
Location:
Knoxville, TN
Benefits:
- Employee Dental Insurance
- Flexible schedule
- Employee Health insurance
- Paid time off
- Professional development assistance
- Employee Vision insurance
Typical Tasks:
- Ability to work in a fast-paced, collaborative team environment
- Work closely with Customers to understand requirements and advise on compliance trade-offs
- Integrate workflows into governance, risk, and compliance (GRC) tools.
- Originate or improve compliance and security program documentation, including policies, procedures, and response plans.
- Validate system requirements, flows, and written procedures through testing and observation to ensure regulatory compliance operating procedures and controls are working as intended.
- Analyze testing results, observations, and reports to identify system and process gaps and reduce risk.
- Document all work and findings resulting from testing, and communicate them to relevant stakeholders within defined standard processes.
- Stay abreast of existing and upcoming regulatory legislation to assess potential impact on customers.
- Ensure timely completion of all assigned risk, compliance, and due diligence activities. Communicate issues identified during the risk and due diligence processes to relevant stakeholders and escalate to other stakeholders as required.
- Work closely with engineering teams to understand and assess the controls within those technical environments.
- Assist with designing roadmaps that outline audit approaches and plans.
Requirements:
- 3 years of direct experience implementing information security compliance controls.
- Suggested Certifications: or equivalent work experience as an ISSO
- Strong listening and written/verbal communication skills.
- Critical thinking, productivity, and strong attention to detail.
- Ability to work independently with substantial latitude for action and decision while focusing on achieving desired outcomes as part of a collaborative development effort.
- Demonstrated strong work ethic, analytical skills, integrity, and humility.
- Experience with audit, risk, compliance, and/or information security disciplines.
- Experience testing/validating and implementing controls in identity and access management, change management, IT operations, etc.
- Subject matter expertise in at least one of various frameworks, including but not limited to NIST SP 800, PCI, SSAE 18, etc.
- Be able to document audit procedures and results clearly.
- Analytical skills with the ability to use sound business judgment and to exercise skepticism as needed.
- Process-focused experience, including the ability to assess, interpret, and guide corporate processes.
Recommended Skills:
- Experience in control testing aligned with NIST, FedRAMP, CMMC, SSAE 18, ISO, and PCI frameworks.
- Working knowledge of GRC platform(s) to automate compliance workflows.
- Experience with security audits.
- Experience identifying, tracking, reporting, and remediating IT procedural and technical risks.
Citizenship Clearance Requirement:
Applicants selected will be subject to a background investigation and must meet eligibility requirements (US citizenship).
Job Type: Full-time
Pay: $100,000.00 - $120,000.00 per year
Benefits:
- Dental insurance
- Health insurance
- Paid time off
- Professional development assistance
- Vision insurance
Compensation Package:
- Bonus opportunities
Schedule:
- 8 hour shift
- Day shift
Work Location: In person
Salary: $80,000 - $120,000