IT Security Governance and Compliance Analyst
- Job Title: IT Security Governance and Compliance Analyst
- Job ID: 26994637
- Location: Southfield, MI
- Other Location:
Description
Conexess is looking for an experienced IT Security Governance and Compliance Analyst who will be responsible for ensuring the confidentiality, integrity, & availability of information assets within the enterprise. The IT Governance and Compliance Analyst will provide technical expertise & protection of assets by reviewing, analyzing, & implementing security controls, functions, & processes within the enterprise to support the overall information security program & other security initiatives. The person will consult & interface with network administrators, system administrators, desktop support staff, IT staff, developers, & non-IT departments on security issues & requirements. This position may also serve as a backup to other critical security positions as necessary.
The IT Governance & Compliance Analyst will assist with creating & managing information security policies & procedures based on industry standard frameworks & best practices, performing risk assessments & security awareness training, ensuring organization-wide compliance with security policies, & providing audit support as necessary. This position is located in Southfield, MI & may be contract-to-hire. Paid relocation is not available. Internally, this role may be at the Analyst or Associate level.
Responsibilities
Security Team
- Expected to stay current on security industry trends, new threats & attack techniques, mitigation techniques, & emerging security technologies
- Provide insight & participate in security projects to evaluate & recommend security products for various applications & platforms throughout the organization while supporting business initiatives
- Assist with the development, maintenance of, & training on technical documentation & Standard Operating Procedures
- Successfully manage multiple priorities & deadlines
- Improve security efficiency & streamline/automate work processes while working collaboratively with other team members & IT staff to accomplish objectives
- Participate, as needed, in critical incidents & implementation reviews
Governance & Compliance
- Author & revise enterprise information security policies & standards in line with industry frameworks & best practices
- Perform information security risk assessments & assess the control environment of the business processes & applications under review in accordance with the information security program
- Manage the SDLC process & coordinate with other IT teams to ensure all proper protocols are being followed & adhered to
- Develop information security awareness training & educational materials & conduct new hire security awareness training
- Compose risk assessment/audit reports, as well as develop remediation plans to address risks & vulnerabilities discovered during audits/risk assessments
- Manage compliance-related activities to document, schedule, & collect documentation requests & procedural information to support audit & assessment activities
- Keep abreast of the latest information security & privacy laws & regulations; ensure compliance both with internal security policies & applicable laws & regulations
Skills/Requirements
- Highly motivated to work in information security
- Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISSP, CISA, CRISC, etc.)
- Ability to work well as an individual & as part of a team
- Excellent written & oral communication skills, interpersonal skills, & effective skills to support security programs. Must be able to provide formal reports & presentations as required
- Must give attention to detail & possess the ability to prioritize tasks so work is completed in an accurate, timely manner
- Excellent problem-solving ability and ability to resolve issues under tight time frames
- Experience using Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint, etc.) preferred
- Must have the ability to work full time
- Must be able to work in an office environment
- Must be physically able to sit/stand at a computer & work in front of a computer screen for significant portions of the work day
Experience, Certifications, & Education
- 1-6 years of professional work experience
- Experience within Information Security, Risk, Compliance, Audit or Information Technology is desired, but not required
- Proven project management & organizational skills
- Bachelor’s degree in Information Technology or related field desired, but not required
- Certified Information Systems Security Professional (CISSP) desired, but not required
- Certified Information Systems Auditor (CISA) desired, but not required
- Certified in Risk & Information Systems Control (CRISC) desired, but not required