Traditional assessment/security framework folks, who have some experience working in unstructured environments and who have the ability to learn about what needs to be in a basic design and how to bake security into that design
People who have design/deployment experience with unstructured environments and some assessment/security framework background or who have the ability to learn that assessment/security framework
Job Summary: The Information Security Risk & Compliance Analyst is responsible for supporting and maintaining the information security program to ensure that information assets and associated information systems are adequately protected in the digital ecosystem.
This role supports all day-to-day operations, functions and capabilities relating to technology risk and compliance. The role supports the Information Security compliance program and is responsible for operating technology risk management processes, maintaining technology related Information Security policies, and completing risk assessments of technology related initiatives.
Support the Risk & Compliance Department
Support the completion of assessments of the operational effectiveness of the security controls and supports any required remediation.
Identify and document cyber risks and manage mitigation and follow up on open security risks. Report issues to IT stakeholders.
Execute information security testing for all areas of the technology operating environment (e.g., infrastructure reviews, penetration testing, vulnerability scanning, application reviews, cloud, and mobile technology review) with a focus on AWS IaaS and related services, infrastructure as code and related orchestration tools and concepts, O365 and related services, and Azure.
Assist in the execution of the information security program, including meeting PCI compliance requirements.
Assist with cross-department remediation project tasks in multiple workstreams. Act as lead for IT focused remediation projects.
Develop and update of information security policies and standards.
Provide technical support and expertise related to tools used to perform security and vulnerability assessments. Assist with ad-hoc vulnerability compliance reporting and follow up with support partners to ensure all identified vulnerabilities are being addressed.
Provide support to Information Security Incident Response team during cyber incidents.
Validate that information security requirements are built into architectures and new technology projects.
Act as a technical information security consultant for internal business teams and the IT department to implement and support new and existing technologies.
Assist in the technical deployment of security solutions that enhance the information security architecture.
Maintain foundational knowledge of Payment Card Industry (PCI) Data Security Standard compliance by keeping apprised of changes to the standard, evaluating new systems for impact and supporting annual PCI audit.
Ability to work well individually as well as in a team environment.
Excellent written and verbal communication skills, interpersonal and collaborative skills.
Up-to-date knowledge of methodologies and trends in both information security and IT.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Must be a critical thinker, with strong problem-solving skills.
Ability to manage one or more projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Ability to lead internal security technology projects and security remediation projects with limited dependencies on external IT teams.
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
Ability to be on-call 24x7x365 rotation for information security reviews of emergency changes and to support for information security incidents.
Ability to lead, mentor and influence others.
Minimum of 5 years of experience in a combination of incident response, information security and IT.
Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
Understanding and experience assessing and securing AWS and related service and O365 and related services.
Degree in technology-related field preferred, or equivalent work- or education-related experience.
Professional security management certification is required, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacking (CEH), GIAC Information Security Professional (GISP), or other similar credentials.
Advanced knowledge of common information security management frameworks, such as ISO/IEC 27001, Critical Security Controls, and NIST 800-53 and Cybersecurity Framework.
Knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS\IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
Apply for Information Security Risk & Compliance Analyst
Fill out the form below to submit your information for this opportunity. Please upload your resume as a doc, pdf, rtf or txt file. Your information will be processed as soon as possible.
Return to IT Job Search