Conexess is looking for an experienced IT Security Governance and Compliance Analyst who will be responsible for ensuring the confidentiality, integrity, & availability of information assets within the enterprise. The IT Governance and Compliance Analyst will provide technical expertise & protection of assets by reviewing, analyzing, & implementing security controls, functions, & processes within the enterprise to support the overall information security program & other security initiatives. The person will consult & interface with network administrators, system administrators, desktop support staff, IT staff, developers, & non-IT departments on security issues & requirements. This position may also serve as a backup to other critical security positions as necessary.

The IT Governance & Compliance Analyst will assist with creating & managing information security policies & procedures based on industry standard frameworks & best practices, performing risk assessments & security awareness training, ensuring organization-wide compliance with security policies, & providing audit support as necessary. This position is located in Southfield, MI & may be contract-to-hire. Paid relocation is not available. Internally this role may be at the Analyst or Associate level.

Responsibilities

   Security Team

• Expected to stay current on security industry trends, new threats & attack techniques, mitigation techniques, & emerging security technologies
• Provide insight & participate in security projects to evaluate & recommend security products for various applications & platforms throughout the organization while supporting business initiatives
• Assist with the development, maintenance of, & training on technical documentation & Standard Operating Procedures
• Successfully manage multiple priorities & deadlines
• Improve security efficiency & streamline/automate work processes while working collaboratively with other team members & IT staff to accomplish objectives
• Participate, as needed, in Critical incidents & implementation reviews

    Governance & Compliance

• Author & revise enterprise information security policies & standards in-line with industry frameworks & best practices
• Perform information security risk assessments & assess the control environment of the business processes & applications under review in accordance with the information security program
• Manage the SDLC process & coordinate with other IT teams to ensure all proper protocols are being followed & adhered to
• Develop information security awareness training & educational materials & conduct new hire security awareness training
• Compose risk assessment/audit reports, as well as develop remediation plans to address risks & vulnerabilities discovered during audits/risk assessments
• Manage compliance related activities to document, schedule, & collect documentation requests & procedural information to support audit & assessment activities
• Keep abreast of the latest information security & privacy laws & regulations; ensure compliance both with internal security policies & applicable laws & regulations

Skills/Requirements

• Highly motivated to work in information security
• Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISSP, CISA, CRISC, etc.)
• Ability to work well as an individual & as part of a team
• Excellent written & oral communication skills, inter-personal skills, & effective skills to support security programs. Must be able to provide formal reports & presentations as required
• Must give attention to detail & possess the ability to prioritize tasks so work is completed in an accurate, timely manner
• Excellent problem solving ability and ability to resolve issues under tight time frames
• Experience using Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.) preferred
• Must have the ability to work full time
• Must be able to work in an office environment
• Must be physically able to sit/stand at a computer & work in front of a computer screen for significant portions of the work day

Experience, Certifications, & Education

• 1-6 years of professional work experience
• Experience within Information Security, Risk, Compliance, Audit or Information Technology is desired, but not required
• Proven project management & organizational skills
• Bachelor’s degree in Information Technology or related field desired, but not required
• Certified Information Systems Security Professional (CISSP) desired, but not required
• Certified Information Systems Auditor (CISA) desired, but not required
• Certified in Risk & Information Systems Control (CRISC) desired, but not required