Conexess is looking for a highly motivated Security Governance & Compliance Analyst who can assist with creating & managing information security policies & procedures based on industry standard frameworks & best practices. The successful candidate will have prior knowledge of Information Security compliance requirements including ISO27001, PCI, SOX, & HIPAA. The Security Analyst will consult & interface with network administrators, system administrators, desktop support staff, IT staff, developers, & non-IT departments on security issues & requirements. This position may also serve as a backup to other critical security positions as necessary.

Security Team
- Expected to stay current on security industry trends, new threats & attack techniques, mitigation techniques, & emerging security technologies
- Provide insight & participate in security projects to evaluate & recommend security products for various applications & platforms throughout the organization while supporting business initiatives
- Assist with the development, maintenance of, & training on technical documentation & Standard Operating Procedures (SOP)
- Successfully manage multiple priorities & deadlines
- Improve security efficiency & streamline/automate work processes while working collaboratively with other team members & IT staff to accomplish objectives
- Participate, as needed, in critical incidents & implementation reviews

Governance & Compliance
- Author & revise enterprise information security policies & standards in line with industry frameworks & best practices
- Perform information security risk assessments & assess the control environment of the business processes & applications under review in accordance with the information security program
- Manage the SDLC process & coordinate with other IT teams to ensure all proper protocols are being followed & adhered to
- Develop information security awareness training & educational materials & conduct new hire security awareness training
- Compose risk assessment/audit reports, as well as develop remediation plans to address risks & vulnerabilities discovered during audits/risk assessments
- Manage compliance related activities to document, schedule, & collect documentation requests & procedural information to support audit & assessment activities
- Keep abreast of the latest information security & privacy laws & regulations; ensure compliance both with internal security policies & applicable laws & regulations

Requirements
- Highly motivated to work in information security
- Ability to work well as an individual & as part of a team
- Excellent written & oral communication skills, interpersonal skills, & effective skills to support security programs. Must be able to provide formal reports & presentations as required
- Must give attention to detail & possess the ability to prioritize tasks so work is completed in an accurate, timely manner
- Strong knowledge of information systems security concepts & current information security trends & practices
- Working knowledge of infrastructure security tools such as firewalls, network security monitoring, anti-malware, content management, OS hardening, etc.
- Knowledge of Information Security compliance requirements including ISO27001, PCI, SOX, & HIPAA
- Strong knowledge of recognized industry security standards & best practices
- Advanced skill in developing & implementing methods & procedures to ensure information security & data integrity
- Work closely with security team & IT to ensure compliance, facilitate remediation, & facilitate continuous improvement
- Must have the ability to work full time
- Must be able to work in an office environment
- Must be physically able to sit/stand at a computer & work in front of a computer screen for significant portions of the work day

Qualifications
- 1-7 years of Information Security experience preferred
- Proven project management & organizational skills
- Bachelor’s degree in Information Technology or related field recommended
- CISSP recommended
- Certified Information Systems Auditor (CISA) recommended
- Certified in Risk & Information Systems Control (CRISC) recommended