Position is located in Charleston, SC
The Information Security Assurance Analyst is responsible for assisting with SOC, PCI, HIPAA and other regulatory audits, including but not limited to creating audit plans, auditing security controls, policies and procedures, and analyzing data to ensure regulatory compliance.
Organizes the compliance program by creating reports and metrics from Data Loss Prevention tools, maintaining technical policies and rules (including Regular Expressions), and working with other teams to communicate changes made.
Supports assurance functions of the organization by using various compliance tools.
Attains compliance by isolating and resolving non-compliance issues; recommending remediation for technical issues.
Develops APIs to integrate compliance tools with other data sources (e.g. HR systems, Cybersecurity tools).
Ability to write solution workflow diagrams, system documentation, playbooks, etc.
Prepares compliance reports by collecting, analyzing, and summarizing measurement data and trends.
Updates job knowledge by tracking and understanding emerging compliance engineering practices and standards; participating in educational opportunities and professional organizations; reading professional publications; maintaining personal networks.
Enhances engineering and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
Prior experience auditing and performing quality control actions of audits.
Required Minimum Qualifications:
Bachelor's Degree in related field and 3+ years of experience in Information & Network Security or IT Compliance.
Strong technical, analytical, interpersonal, communication and writing skills
Strong verbal and written communication skills with ability to work in a team setting
Good understanding of fundamental security and network concepts (operating systems, databases, intrusion/detection, TCP/IP, ports, etc.)
Information Technology experience in the Healthcare or SaaS Industry
Experience with GRC tools for information gathering and reporting
Knowledge of government and/or industry regulatory requirements (SOC, HITRUST, PCI, SOX, HIPAA, etc.)
Knowledge/understanding of security standards (e.g. NIST, STIG, etc.)
One or more of the following Certifications: CISSP, CRISC, CISA, CCNP, CISM