The Senior Compliance/Security Analyst position is a key contributor to the organization's cybersecurity and privacy control and governance frameworks, practices, and programs.
This position will routinely collaborate with business, technical and security teams to assess risk and ensure alignment on security policies and standards and is expected to be a subject matter expert in the area of assessing risk, identifying emerging cybersecurity threats and understanding information security technologies and tools.
Responsibilities include applying cybersecurity control frameworks and standards throughout the organization, such as HIPAA, HITRUST, the National Institute of Standards and Technology (NIST), CIS Critical Security Controls, and the Payment Card Industry Data Security Standard (PCI DSS), through technology, policy, and process components.
- Ensure systems and applications are implemented with compensating controls to meet regulatory and other organizational compliance requirements (GLBA, SOX, HIPAA, PCI, etc.)
- Implement governance procedures for compliance standards and frameworks.
- Work closely with Enterprise Architecture/Infrastructure and Application Development to enhance the security posture of new and existing systems.
- Work with key stakeholders within information technology and information security to assess new risks, foster an environment of continuous improvements and recommend information security tools and controls.
- Be the subject matter expert who will guide the engineering team on broader risk and compliance standard ambiguities.
- Design a pipeline automation strategy to reduce the burden on engineering teams towards information security and compliance related requirements.
- Lead pre-audit analysis to ensure teams can successfully get services through audits.
- Define metrics to enable continuous control monitoring and to track compliance to IS standards by application and system owners.
- Lead the performance of root-cause analysis on recurring information security events to identify unmitigated risks and areas for control enhancements.
- Participate in the development of information security strategies, roadmaps, policies and standards
- Manage security audits, vulnerability and threat assessments, and direct responses to network or system intrusions.
- Keep up-to-date on new regulations, compliance requirements, and official guidance from industry related organizations.
- Drive creative thinking to generate insights, alternatives, and technical terms within key areas of information security.
- Provide leadership, guidance and training to information technology and security personnel.
- Provide executive management with risk assessments, compliance reports and audit findings.
- Establish a strategic security architecture vision, including standards and frameworks that are aligned with the overall business and IT strategies
- Act as information security subject matter expert; provide advisory and consulting services to business, IT department and IS management.
- Other duties may be assigned
DESIRED SKILLS AND EXPERIENCE:
- Experience acting in an architectural role with responsibilities for short-term and long-term definition of information security direction.
- An in-depth understanding of and experience with all security and compliance related aspects of technology, including cloud services like Azure, Amazon Web Services and Google Cloud.
- Strong organization skills to effectively manage, lead and prioritize multiple projects/tasks simultaneously to quality and timely completion in a fast-paced and changing environment.
- Experience in designing and implementing secure solutions and secure coding processes.
- Experience with third party risk assessments a plus.
- Knowledge of data privacy regulations and experience implementing controls.
- Sound decision-making skills based on compliance needs and information security knowledge.
- A strong technical background in systems and network security.
- Expertise in assessing technology risks and development of controls to mitigate risks.
- Expertise in key technology domains including, but not limited to: change management, incident and problem management, event management, SDLC and application development, service continuity/availability.
- Experience in key information security domains including: application security, identity and access management, and IT Asset and Configuration management.
- Superior analytical and problem-solving skills, as well as exceptional written and verbal communication skills are essential.
- Demonstrated ability to consider multiple viewpoints and bring them to consensus
- Professional attitude, courteous, and collaborative towards internal and external customers, third party business partners/suppliers, and other employees, particularly in collaborating with technical IT professionals to accomplish project objectives.
- Ten years of relevant experience preferred with five years of systems and network security experience.
- Ability to work both within a team and independently to achieve desired results.
- Proven experience with writing detailed risk assessments/reports is preferred. Experience with audit committee or board reporting a plus.
- Results driven with a passion to influence change and a strong attention to detail.
- Perform tasks outside normally scheduled business hours as needed to complete project work and/or implement scheduled changes as needed.
- Strong interpersonal relationship skills to interface with employees at all levels within the organization to manage risk in concert with the business needs that drive the company forward.
- Bachelor's degree or equivalent professional work experience.
- Certified Information Systems Security Professional (CISSP), CompTIA Security+, CISA, CISM, or CRISC preferred.