The analyst acts as the technical liaison between IT Risk and IT/Development teams here at MINDBODY in interpreting and assisting in the implementation of IT security controls. The analyst has technical expertise in assisting system administrators, database administrators, cloud and platform engineers and developers in implementing technical controls, ensuring the controls are continuous and effective across the organization, and enabling the measurement of those controls by IT Risk.
The analyst regularly uses strong written and verbal communication skills to translate high-level risk concepts concisely and effectively into technical implementations. This position requires the ability to interact effectively with key members of the business unit and IT management across MINDBODY. After demonstrating the necessary skills, the analyst participates and presents in appropriate MINDBODY committees.
This role has a combined responsibility of administration, practical leadership and hands-on technical contribution, being able to work with multiple platforms and technology across the enterprise.
MINIMUM QUALIFICATIONS AND REQUIREMENTS:
At least 5 years of full-time work experience in Information Technology
Experience in design, creation, and operations of security assessment programs, third-party risk assessment programs, and external audits (PCI/HITRUST/SOX, for example)
Bachelor's degree - master's degree a plus
Intermediate understanding of technical aspects of information security
Intermediate understanding of Windows, Linux, and macOS
Intermediate understanding of networking and network administration
Familiarity with common Information Security and Information Technology frameworks, standards, compliance, and regulations (including but not limited to: ITIL, COBIT, NIST, ISO 27XXX, CIS 20, PCI, GDPR, HIPAA, SOX)
Systems administration or database administration background highly preferred
Good communication skills including the ability to present technical subjects to non-technical audiences
Strong work ethic, attention to detail, and organizational skills
Ability to multi-task and manage priorities in a fast-paced environment
Ability to collaborate in a team setting, as well as work independently
Conceptual understanding of software development methodologies
Knowledge of ISO27001/27002, PII, PHI, financial data regulations, data residency requirements, and international regulatory aspects pertaining to sensitive information
Intermediate to advanced knowledge and hands-on experience of InfoSec tools (SIEM/FW/IDS/HIDS/NIDS, Anti-Malware/App whitelisting, etc.)
Experience with application security, SaaS, or cloud security
CISSP, GSEC or CISM highly valued
MCSP, MCSE, CCNA, CCIE a plus
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Serves as technical liaison between IT Risk and internal IT to lead the implementation of MINDBODY Cybersecurity IT security controls.
Is responsible for ensuring IT/Dev teams at MINDBODY provide measurements of those controls to IT Risk, and provides technical leadership assistance in the implementation of measurements.
Take a lead role in the technical development and execution of the internal IT Risk program. This includes assisting various business units in implementing MINDBODY Cybersecurity IT security controls, internal IT controls and compliance reviews; and remediation testing of issues identified during third-party assurance reviews or internal assessments.
Responsible for providing internal business clients feedback on the effectiveness of corrective action plans in the event of non-compliance with controls or detected vulnerabilities in their environment.
Coordinate various project requests from functional teams to increase operational efficiency, strengthen IT environment, and help meet the company's IT risk requirements.
Serve as subject matter expert on various special projects within the organization.
Maintain familiarity with changes and trends in the IT security, information systems and cloud landscape.
Evaluate effectiveness and perform internal testing of security controls implemented by MINDBODY IT teams.
Collect and maintain evidence of compliance with information security policies and regulatory requirements.
Coordinate written responses to RFPs on IT security, controls and compliance areas.
Design, review and update information security policies, procedures, standards, and other InfoSec documentation.
Assist in maintaining IT security controls documentation repository.
Collaborate with cross-functional teams to document, implement, monitor and manage IT controls.
Support and maintain the technical implementation of key metrics.
Participate in special projects and duties as required.