
IT Security Governance & Compliance Analyst

Job Title: IT Security Governance & Compliance Analyst
Job ID: 996489
Location: Farmington Hills, MI
Description
Our History: 
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 150+ individuals nationwide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are used exclusively due to our outstanding staffing track record.

Who We Are: 
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.

Overview:
Conexess is looking for a highly motivated Security Governance & Compliance Analyst who can assist with creating & managing information security policies & procedures based on industry standard frameworks & best practices. The successful candidate will have prior knowledge of Information Security compliance requirements including ISO27001, PCI, SOX, & HIPAA. The Security Analyst will consult & interface with network administrators, system administrators, desktop support staff, IT staff, developers, & non-IT departments on security issues & requirements. This position may also serve as a backup to other critical security positions as necessary.


 
Security Team
  • Expected to stay current on security industry trends, new threats & attack techniques, mitigation techniques, & emerging security technologies
  • Provide insight & participate in security projects to evaluate & recommend security products for various applications & platforms throughout the organization while supporting business initiatives
  • Assist with the development, maintenance of, & training on technical documentation & Standard Operating Procedures (SOP)
  • Successfully manage multiple priorities & deadlines
  • Improve security efficiency & streamline/automate work processes while working collaboratively with other team members & IT staff to accomplish objectives
  • Participate, as needed, in critical incidents & implementation reviews
Governance & Compliance
  • Author & revise enterprise information security policies & standards in line with industry frameworks & best practices
  • Perform information security risk assessments & assess the control environment of the business processes & applications under review in accordance with the information security program
  • Manage the SDLC process & coordinate with other IT teams to ensure all proper protocols are being followed & adhered to
  • Develop information security awareness training & educational materials & conduct new hire security awareness training
  • Compose risk assessment/audit reports, as well as develop remediation plans to address risks & vulnerabilities discovered during audits/risk assessments
  • Manage compliance related activities to document, schedule, & collect documentation requests & procedural information to support audit & assessment activities
  • Keep abreast of the latest information security & privacy laws & regulations; ensure compliance both with internal security policies & applicable laws & regulations
Requirements
  • Highly motivated to work in information security
  • Ability to work well as an individual & as part of a team
  • Excellent written & oral communication skills, interpersonal skills, & effective skills to support security programs. Must be able to provide formal reports & presentations as required
  • Must give attention to detail & possess the ability to prioritize tasks so work is completed in an accurate, timely manner
  • Strong knowledge of information systems security concepts & current information security trends & practices
  • Working knowledge of infrastructure security tools such as firewalls, network security monitoring, anti-malware, content management, OS hardening, etc.
  • Knowledge of Information Security compliance requirements including ISO27001, PCI, SOX, & HIPAA
  • Strong knowledge of recognized industry security standards & best practices
  • Advanced skill in developing & implementing methods & procedures to ensure information security & data integrity
  • Work closely with security team & IT to ensure compliance, facilitate remediation, & facilitate continuous improvement
  • Must have the ability to work full time
  • Must be able to work in an office environment
  • Must be physically able to sit/stand at a computer & work in front of a computer screen for significant portions of the work day
Qualifications
  • 1-7 years of Information Security experience preferred
  • Proven project management & organizational skills
  • Bachelor’s degree in Information Technology or related field recommended
  • CISSP recommended
  • Certified Information Systems Auditor (CISA) recommended
  • Certified in Risk & Information Systems Control (CRISC) recommended
