Career Opportunities

Sr. Security Compliance Analyst

Job Title: Sr. Security Compliance Analyst
Job ID: 27026988
Location: Orlando, FL 32837
Other Location:

Description

The Senior IT Security Compliance Analyst works in support of IT Security compliance requirements and company risk tolerance. This role ensures that adequate and effective security processes, controls, and life cycles are followed and aligned to deliver compliance with security policy and regulatory requirements. The Sr. IT Security Compliance Analyst supports the security compliance program, establishing appropriate assessments, managing and tracking risk mitigation and remediation activities, and communicating compliance program results to Senior Management. This role works with a wide variety of people from different internal customer organizational units, bringing them together to manifest controls that reflect workable compromises as well as proactive responses to current and future information security risks, and produces metrics and communications for Senior Management. Additionally, the Sr. IT Security Compliance Analyst supports the development and implementation of a company-wide security awareness and education program.

ROLES AND RESPONSIBILITIES:
-Works as a team member in the Infrastructure Department focusing on IT Security compliance processes and initiatives, acting as the central point of contact and collaborating with other organization units within the company in these matters
-Performs and/or oversees the performance of periodic risk assessments that identify current and future internal and external information security vulnerabilities, provides necessary information to derive decisions about risk acceptance and risk mitigation, and identifies strategies to reduce information security risks
-Coordinates and directs the development, management approval, implementation, and communication of objectives, goals, policies, standards, guidelines, and other requirement statements needed to support information security compliance throughout the company
-Develops action plans, schedules, status reports and other Senior Management communications intended to track and improve the status of information security, including security vulnerabilities, risk-mitigating initiatives, policy compliance status, and regulatory compliance status
-Supports the Company's security compliance program, ensuring the identification, tracking, prioritization, and remediation of all external compliance requirements; also supports Internal Audit activities and remediation requirements
-Ensures adequate and effective IT controls exist to meet current and future security compliance requirements found in laws and regulations, such as requirements to comply with SSAE 16 SOC I & II, PCI (Payment Card Industry) Security Standards, HIPAA, and state and federal privacy law
-Supports and updates a centralized repository of security controls aligned with corporate and regulatory requirements
-Coordinates selected tests of information security measures, including targeted penetration attacks and other configurable and administrative controls reviews
-Designs and engineers internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability
-Serves as an active member of incident response teams and participates in security incident response efforts by having an in-depth knowledge of common security exploits, vulnerabilities and countermeasures; acts as a technical consultant on information security incident investigations and forensic technical analyses
-Acts as a liaison and decision-maker regarding the work of information security consultants, contractors, temporaries, and outsourcing firms
-Supports the communication and actions supporting the Data Privacy Task Force
-Acts as a member of the Company's CERT Team (Computer Emergency Response Team)
-Manages special projects related to information security that may be needed to appropriately respond to ad-hoc or unexpected information security compliance events
-Coordinates the information security compliance efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide information security compliance efforts are consistent
-Understands the fundamental business activities performed by the company, and based on this understanding, suggests appropriate information security solutions that adequately protect these activities
-Assists with the implementation of company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices

REQUIRED TECHNICAL SKILLS:
-Minimum of 7 years of experience in an IT role focusing on information security
-Previous experience in handling and resolving incidents of IT security breaches
-CISA or CISSP certification preferred

REQUIRED EDUCATION:
-Bachelor's degree in Computer Science, Information Technology, or a relevant field
-Equivalent education, training, or experience may be considered

OTHER KEY QUALIFICATIONS:
-Ability to develop, draft, and communicate policies and procedures related to information security
-Ability to develop and facilitate training related to information security
-Ability to establish and maintain strong working relationships with business partners across the enterprise
-Excellent relationship-building skills and cultural awareness, along with the ability to work effectively in a matrixed environment
-Capable of delivering results through a position of influence
-Ability to maintain industry relationships and look to all sources available to develop the best technology strategies
-Ability to multi-task in a fast-paced environment

PREFERRED SKILLS AND EXPERIENCE:
-MSCE, CISM, and other technical certifications strongly preferred
