Information Security & Compliance Analyst

RPX Corp, Chicago, IL 60602

Posted 3 months ago

The Information Security & Compliance Analyst is a global, highly visible role providing expertise in evaluating, assessing and monitoring the organization's compliance with applicable information security standards and frameworks, industry best practices, and applicable laws and regulations. This role will also help coordinate and maintain the organization's Information Security Management Program, and assist staff in implementing security policy objectives in ways that align with business and mission objectives.

Duties and Responsibilities

  • Provides regulatory and compliance advice to business and control units on an ongoing basis.

  • Responsible for documenting and executing business continuity and disaster recovery plans.

  • Analyze and address breaches in operations to ensure integrity of processes, controls, and policies.

  • Provide governance for and participate in the computer security incident response (CSIRT) process by ensuring that the process is being followed and documented. Respond to escalated security events and drive the security incident response process.

  • Participate in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments.

  • Participate in vulnerability scans, penetration tests and ethical hacking tests, and manage the results through to remediation of the issues found.

  • Will work with internal and external auditors to demonstrate and provide evidence for controls that are in place. May conduct additional testing to validate that items found during tests have been remediated.

  • Responsible for completion of security questionnaires and working with the Sales team on RFI responses related to security.

  • Lead and execute complex information security assessments that require both analytical and technical skills across a broad range of Information Technology topics (e.g., Identity and Access Management, Security Architecture, Physical and Environmental, etc.).

  • Manage the Security Awareness Training program to ensure employees complete all required modules annually.

  • Proactively identifies technology risks and develops recommendations for improvements to mitigate risks and bring programs and operations into compliance with the goals and objectives of the Information Security Management Program.

  • Takes a lead role in the development and execution of the internal IT compliance-testing program. This includes application assessments, internal IT controls and compliance reviews, and remediation testing of issues identified during regulatory inspections or internal assessments.

Skills and Specifications

  • Extensive customer service experience a must

  • Proactive, self-propelled work ethic with the ability to stay on task and focused with minimal supervision

  • Ability to handle multiple projects simultaneously

  • Organized with exceptional attention to detail

  • Ability to influence change in corporate understanding and adoption of information security concepts.

  • Excellent communications and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal/external business partners/clients.

  • Strategic planning and tactical leadership skills and experience

  • Strong analytical, data management and decision-making skills

Education and Qualifications

  • Bachelor's degree or equivalent work experience

  • 5+ years of experience in two or more major information technology functions (infrastructure, operations, application support, etc.)

  • 2+ years IT security, IT compliance, or IT risk management experience desired.

  • Familiarity with industry frameworks and standards such as SOC 2 Type 2, ISO27001, SOX, HITRUST, ITAR, and PCI Controls and audit processes.

  • In-depth knowledge of application security, information security risk and industry best practices (how to best manage risk).

  • Holds certifications such as: CISSP, CISA, CRISC, CISM or similar.

  • Legal/eDiscovery experience a plus

Inventus is an equal opportunity employer.
