IT SECURITY COMPLIANCE ANALYST
The Security Compliance Analyst works in support of IT Security compliance requirements and company risk tolerance. This role ensures that adequate and effective security processes, controls, and lifecycles are followed and aligned to deliver compliance with security policy and regulatory requirements. The Security Compliance Analyst supports the security compliance program, tracking completion and remediation of compliance activities, and documenting compliance program evidence. This role works with a wide variety of people from different internal customer organizational units to track and maintain compliance activities throughout the organization when and where IT systems are utilized.
ROLES AND RESPONSIBILITIES :
- Works as a team member in the Information Security Department focusing on IT Security compliance processes and initiatives, acting as the central point of contact and collaborating with other organization units within the company in these matters
- Supports the security compliance program, ensuring the identification, tracking, prioritization, and remediation of all internal and external compliance requirements; also supports Internal Audit activities and remediation requirements
- Ensures adequate and effective IT controls exist to meet applicable current and future security compliance requirements found in laws, regulations, frameworks such as requirements to comply with SOX (Sarbanes-Oxley), SSAE 16 SOC I & II, PCI (Payment Card Industry) Security Standards, HIPAA, state and federal privacy law
- Supports and updates a centralized repository of security controls aligned with corporate, regulatory, security framework requirements
- Coordinates selected tests of information security measures, including targeted penetration attacks, vulnerability scans, and other configurable controls reviews
- Coordinates the information security compliance efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide information security compliance efforts are consistent
- Understands the fundamental business activities performed by company, and based on this understanding, aligns appropriate information security solutions that adequately protect these activities
- Assists with the implementation of company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices
- Assists with vulnerability management reporting including patch management tracking and software code analysis reports.
- Assists with identity management reviews from automated and manual systems
REQUIRED TECHNICAL SKILLS :
Minimum of 3 years' of experience in an IT role focusing on information security and IT complianceCISA or CISSP certification preferredREQUIRED EDUCATION :
Bachelor's degree in Computer Science, Information Technology, or a relevant fieldOTHER KEY QUALIFICATIONS :
Strong familiarity with PCI and SOX security requirements and controlsAbility to maintain accurate and detailed notes regarding compliance issuesAbility to work efficiently with multiple compliance frameworks and deadlinesAbility to establish and maintain strong working relationships with business partners across the enterprise.Ability to quickly take direction from the primary Sr. Compliance Analysts and Team Leads without a formal training structureExcellent relationship-building skills and cultural awareness, along with the ability to work effectively in a matrixed environmentCapable of delivering results through a position of influenceAbility to maintain industry relationships and look to all sources available to develop the best technology strategiesAbility to multi-task in a fast-paced environmentPREFERRED SKILLS AND EXPERIENCE :
MSCE, CISM, and other technical certification strongly preferredIT SECURITY COMPLIANCE ANALYST
The Security Compliance Analyst works in support of IT Security compliance requirements and company risk tolerance. This role ensures that adequate and effective security processes, controls, and lifecycles are followed and aligned to deliver compliance with security policy and regulatory requirements. The Security Compliance Analyst supports the security compliance program, tracking completion and remediation of compliance activities, and documenting compliance program evidence. This role works with a wide variety of people from different internal customer organizational units to track and maintain compliance activities throughout the organization when and where IT systems are utilized.
ROLES AND RESPONSIBILITIES :
Works as a team member in the Information Security Department focusing on IT Security compliance processes and initiatives, acting as the central point of contact and collaborating with other organization units within the company in these mattersSupports the security compliance program, ensuring the identification, tracking, prioritization, and remediation of all internal and external compliance requirements; also supports Internal Audit activities and remediation requirementsEnsures adequate and effective IT controls exist to meet applicable current and future security compliance requirements found in laws, regulations, frameworks such as requirements to comply with SOX (Sarbanes-Oxley), SSAE 16 SOC I & II, PCI (Payment Card Industry) Security Standards, HIPAA, state and federal privacy lawSupports and updates a centralized repository of security controls aligned with corporate, regulatory, security framework requirementsCoordinates selected tests of information security measures, including targeted penetration attacks, vulnerability scans, and other configurable controls reviewsCoordinates the information security compliance efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide information security compliance efforts are consistentUnderstands the fundamental business activities performed by company, and based on this understanding, aligns appropriate information security solutions that adequately protect these activitiesAssists with the implementation of company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practicesAssists with vulnerability management reporting including patch management tracking and software code analysis reports.Assists with identity management reviews from automated and manual systemsREQUIRED TECHNICAL SKILLS :
Minimum of 3 years' of experience in an IT role focusing on information security and IT complianceCISA or CISSP certification preferredREQUIRED EDUCATION :
Bachelor's degree in Computer Science, Information Technology, or a relevant fieldOTHER KEY QUALIFICATIONS :
Strong familiarity with PCI and SOX security requirements and controlsAbility to maintain accurate and detailed notes regarding compliance issuesAbility to work efficiently with multiple compliance frameworks and deadlinesAbility to establish and maintain strong working relationships with business partners across the enterprise.Ability to quickly take direction from the primary Sr. Compliance Analysts and Team Leads without a formal training structureExcellent relationship-building skills and cultural awareness, along with the ability to work effectively in a matrixed environmentCapable of delivering results through a position of influenceAbility to maintain industry relationships and look to all sources available to develop the best technology strategiesAbility to multi-task in a fast-paced environmentPREFERRED SKILLS AND EXPERIENCE :
MSCE, CISM, and other technical certification strongly preferred
