The Information Security & Compliance Analyst is responsible for providing the knowledge and skills needed to help drive several Information Security, Audit, and Compliance activities for the company. This position will also be responsible for tracking identified gaps and risks and driving their remediation. In addition, the Information Security & Compliance Analyst will assist with client audits and questionnaires and function as a subject matter expert for internal business lines. The analyst serves as a specialist in several Information Security domains, including Risk Assessments, User Access Reviews, Regulatory Compliance, GRC, Remediation, Vulnerability Scanning, Incident Response, and Security Awareness.
- Assist with various security and compliance projects
- Participate in customer onsite security reviews, functioning as a subject matter expert on how the company secures its products
- Act as an advocate and resource on compliance and Information Security for the local site
- Identify, assess, and prioritize emerging risks from the business
- Responsible for risk assessments across the enterprise
- Design, implement, and continuously monitor critical security controls, including vulnerability scanning, SIEM, email protection, and endpoint protection.
- Review various systems for adherence to security configurations.
- Assist with monthly and quarterly vulnerability scanning and associated remediation activities
- Participate in development and maturity of GRC tool and processes
- Advise on best practices in alignment with HIPAA, PCI-DSS, and SOC 2 frameworks
- Participate in vendor management process by conducting security reviews on new vendors, and annually on critical vendors
- Assist with security awareness training, regular phishing simulations, and other specialized training activities driven by business needs and the current security landscape
- Perform special project related tasks as assigned.
- Comply with policies and procedures as required.
Embrace the Company Values:
- Empowered To Act
- Committed to Excellence
- Own It
- Do The Right Thing
- Earn Trust
- Education: Bachelor’s Degree in I.T. or Information Security or equivalent work experience required (4-5 years’ experience).
- Strong knowledge and experience with the Payment Card Industry Data Security Standard (PCI-DSS)
- Experience with the Health Insurance Portability and Accountability Act (HIPAA)
- Experience in Governance Risk and Compliance (GRC) solutions and processes.
- Experience in compliance testing activities, documentation, self-assessment reporting, etc.
- Experience in creating and managing information security policies and procedures.
- Experience in evaluating the alignment of processes and controls with policies, standards, guidelines, and best practices
- Experience with the NIST Cybersecurity Framework and HITRUST control framework
- Keeps abreast of the relevant business developments and evolving IT risk areas, particularly those related to PCI-DSS and HIPAA.
- Experience with third-party controls attestation reports (SOC 2, HITRUST)
- Strong proficiency with MS Office Productivity Applications especially PowerPoint, Excel, and Visio.
- Payment Card Industry Professional (PCIP) or Internal Security Assessor (ISA) preferred.
Specific Job Skills: Demonstrated knowledge of securing and managing heterogeneous infrastructure environments (Windows, Macintosh, *nix). Familiarity with PCI-DSS, FISMA, SOC 2, NIST, and HIPAA/HITECH requirements. Ability to review large amounts of data (such as system logs or vulnerability scans) to identify critical events and develop plans for addressing them. Demonstrated ability to interact effectively with individuals and groups both within and outside the company to achieve desired results. Demonstrated ability to analyze an issue or problem and recommend an effective and efficient resolution. Excellent verbal and written communication skills. Proven commitment to providing excellent customer service across all dimensions of the job duties on a consistent basis.
Certifications: CISSP or CISA is a plus.
- Attention to detail
- Ability to work independently and in a team environment
- Excellent interpersonal skills
- Excellent verbal and written communication skills
- Ability to organize and multi-task job responsibilities effectively
- Proven commitment to providing excellent customer service within all dimensions of the job duties on a consistent basis
- Ability to learn quickly and retain knowledge to apply to new situations