Information Security & Compliance Analyst

Arcosa, Inc. is seeking an Information Security & Compliance Analyst in our Dallas, TX headquarters. Reporting to the Senior Director of Cyber Security and Compliance, the Information Security Compliance Analyst will assist with the coordination and completion of government, regulatory, and compliance documents for Information Technology.

This position will develop and maintain standards, processes, and procedures to assess, monitor, report, escalate, and manage remediation of IT control and compliance related issues. They will work collaboratively with internal audit and technical teams in the design and implementation of IT controls. This role will also generate reports and/or metrics that help track compliance issues identified through the Security & Compliance Assessment process.

Arcosa, Inc. (NYSE: ACA) is a growth-oriented, publicly traded manufacturer and producer of infrastructure-related products and services. The company has businesses with leading positions in construction, energy, and transportation markets.

Responsibilities:

• Documenting, implementing, and assessing policies, processes, and procedures specific to IT compliance for ICFR regulations.
• Actively serves as primary point of contact for internal and external audits and provides IT management direction as to how to remediate pertinent action items.
• Partner with IT control owners in implementing and validating controls for Access Management, Release Management, Change Management and Vendor Management processes to ensure compliance with the IT Frameworks.
• Coordinate with control owners to ensure active management /monitoring of controls are operating effectively and timely.
• Manage annual IT testing for internal and external audits, risk assessments, and regulatory, legal and policy compliance collaborating with our external auditors.
• Assist with the requirements and achievement of appropriate certification programs surrounding information security.
• Facilitate user access reviews, exposure analysis and ensure respective remediation is performed in a timely manner.
• Advise and partner with IT teams on how to effectively comply with IT standards to proactively mitigate risks
• Provide guidance and ensure compliance with any applicable information security standards and regulations for employees, partners, and other third parties.
• Monitor, track and report status of security tasks and open remediation items.
• Manage Data Protection Program and ensure access to sensitive data is appropriately authorized.
• Evaluate control effectiveness of internal and external risk assessments.
• Develop procedures to support security related activities.
• Manage Third Party Risk Management program and ensure third party security risks are measured and monitored.
• Additional responsibilities as needed.

Requirements:

• Bachelor's degree in Business Administration, Accounting, Information Systems or related field preferred
• 7 plus years of experience in IT audit with information security background
• Demonstrated experience maintaining and updating policies and procedures
• Demonstrated knowledge of information security standards and methodologies with general understanding of security processes, tools and latest technologies
• Knowledge of PCI, SOC1 and 2, ISO, COBIT, SOX GCC, ITIL, HIPPA, Privacy Acts, and other IT compliance frameworks
  CISA or CIA certified candidates preferred
• Advance knowledge in Information Security Technologies
• Strong verbal and written communication skills
• Ability to work with minimal supervision, balancing a mix of resources, due dates and requirements.
• Detail-oriented with strong adaptability and capacity to work in fast-paced environments

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.