The Information Security & Compliance Analyst is a global, highly visible role providing expertise in evaluating, assessing and monitoring the organization's compliance with applicable information security standards and frameworks, industry best practices, and applicable laws and regulations. This role will also help coordinate and maintain the organization's Information Security Management Program, and assist staff in implementing security policy objectives in ways that align with business and mission objectives.
Duties and Responsibilities
Provides regulatory and compliance advice to business and control units on an ongoing basis.
Responsible for documenting and executing business continuity and disaster recovery plans.
Analyze and address breaches in operations to ensure integrity of processes, controls, and policies.
Provide governance for and participate in the computer security incident response (CSIRT) process by ensuring that the process is being followed and documented. Respond to escalated security events and drive the security incident response process.
Participate in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments.
Participate in vulnerability scans, penetration tests and ethical hacking tests that are conducted and manage results to remediation of issues found.
Will work with internal and external auditors to demonstrate and provide evidence for controls that are in place. May conduct additional testing to validate that items found during tests have been remediated.
Responsible for completion of security questionnaires and working with the Sales team on RFI responses related to security.
Lead and execute complex information security assessments that require both analytical and technical skills across a broad range of Information Technology topics (e.g., Identity and Access Management, Security Architecture, Physical and Environmental, etc.).
Manage the Security Awareness Training program to ensure employees complete all required modules annually.
Proactively identifies technology risks and develops recommendations for improvements to mitigate risks and bring programs and operations into compliance with the goals and objectives of the Information Security Management Program.
Takes a lead role in the development and execution of the internal IT compliance-testing program. This includes, application assessments, internal IT controls and compliance reviews; and remediation testing of issues identified during regulatory inspections or internal assessments.
Skills and Specifications
Extensive customer service experience a must
Pro-active, self-propelled work ethic with ability to stay on task and focused with minimal supervision
Ability to handle multiple projects simultaneously
Organized with exceptional attention to detail
Ability to influence change in corporate understanding and adoption of information security concepts.
Excellent communications and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal/external business partners/clients.
Strategic planning and tactical leadership skills and experience
Strong analytical, data management and decision making skills
Education and Qualifications
Bachelor's degree or equivalent work experience
5+ years of experience in two or more major information technology functions (infrastructure, operations, application support, etc.)
2+ years IT security, IT compliance, or IT risk management experience desired.
Familiarity with industry frameworks and standards such as SOC 2 Type 2, ISO27001, SOX, HITRUST, ITAR, and PCI Controls and audit processes.
In depth knowledge of application security, information security risk and Industry best practices (how to best manage risk).
Holds certifications such as: CISSP, CISA, CRISC, CISM or similar.
Legal/eDiscovery experience a plus
Inventus is an equal opportunity employer.