Information Security Compliance Analyst
The Information Security Compliance Analyst II is responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. In carrying out these functions, the ISCA II's duties include, but are not limited to, the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks. This responsibility includes developing key performance metrics, both to ensure compliance with established policies and standards and for tracking purposes.
Analyze management and technical controls within Company to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.
Map Company's requirements and regulatory requirements across the information security framework to identify overlapping requirements and compliance efficiencies.
Track FISMA compliance and maintain up-to-date records of requirements and corresponding mitigating controls.
Monitor Third Party Risk Assessments and assist in performing internal risk assessments.
Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
Monitor Company's Change Management Process to ensure compliance.
Support development of security policies and procedures and support service-level agreements to ensure that security controls are managed and maintained.
Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance Group.
Bachelor's degree in Business with IT audit or compliance experience, or in Computer Science with business and IT audit/compliance experience, desired.
Working knowledge of common regulations and/or standards affecting IT security, such as FISMA, NIST, ISO and Sarbanes-Oxley.
Knowledge of FISMA/NIST information security standards is necessary.
Minimum three years' experience conducting security control assessments and audits.
Minimum two years' experience developing or managing a security awareness program.
One of the industry certifications (CISSP, ISSAP, CISM, CRISC, CISA) is preferred.
Must possess and be able to maintain strong oral and written communication, documentation and manual-writing skills.
Must have strong analytical skills and be a critical thinker.
Exhibit a high level of attention to detail and be a self-starter with the ability to multi-task and adjust to shifting
Employment Type: Permanent
Work Hours: Full Time
Pay: $80,000 to $100,000 USD
Pay Period: Annual
Please mention that you saw the job on Business Analyst Learnings