Security Controls Analyst

Job Purpose

The Security Controls Analyst is a leader on the Security Office team supporting implementation of key Information Security Controls across business functions within the company. This position applies security controls across business processes to assure effective information security, focused on coordinating audit inquiries and remediation follow up. This position is also responsible for the coordination and execution of access management controls and quality control processes.

Essential Responsibilities

• Coordinates audit inquiries including the facilitation of requirement gathering and remediation efforts.

• Executes annual access review controls and performs quality control review of key processes.

• Assesses security control effectiveness in the context of business needs and practices.

• Identifies security risks and potential controls for mitigation.

• Identifies potential business impacts from security-related issues.

• Establishes efforts for remediation of security issues.

• Promotes development of security and risk management culture throughout the organization.

• Develops and monitors security metrics aligned to goal achievement.

• Documents security processes and security requirements.

• Executes project management and development of security requirements and designs.

Other Duties

• Leads integration of the security program into business functions.

• Reviews and interprets vendor due diligence materials, including audit reports and security control questionnaires.

• Works with internal audit to ensure remediation of identified information security control deficiencies.

• Collaborates across the security organization, participating in other security initiatives as needed.

• Assists in developing the definition and focus of the analyst position according to interests, aptitudes and evolving needs of the business.

• Performs other duties and/or projects as assigned.

Knowledge, Skills and Abilities

• Excellent knowledge of information security concepts.

• Business acumen to be able to engage business process owners throughout the organization.

• Knowledge of information security vulnerabilities, threats and mitigations.

• Expert on risk assessment processes.

• Knowledge of information security controls frameworks, such as COBIT, NIST, ISO.

• Proficiency with audit testing and control methodologies.

• Ability to effectively communicate technical and non-technical issues both verbally and in writing.

• Excellent analytical, problem-solving, and process documentation skills.

• Effective interpersonal skills.

Qualifications

• Bachelor's Degree or equivalent experience and/or education required.

• 1+ years of Information Systems experience required.

• 1+ years of Information Security specific experience preferred.

• 1+ years Experience in financial services or insurance preferred.

• 1+ years Experience or training in any of the following: audit, business management, cloud services, regulatory compliance, use of GRC platforms preferred.

• 1+ years experience or training in any of the following: audit, access management, business management, cloud services, regulatory compliance, use of GRC platforms, specifically Active Directory, Azure Active Directory, SailPoint, CyberArk preferred.

• CISSP Certified Information Systems Security Professional within 1 Year preferred.

• Certified Information Systems Auditor (CISA) preferred.

• Other relevant industry certifications such as Security+, GSEC, SSCP, CSX, etc. preferred.