Information Security and Compliance Analyst
The Information Security and Compliance Analyst is responsible for assisting with administering the full range of IT security systems and for auditing all information security and physical security (as it relates to information technology) solutions. The Information Security Operations Engineer is responsible for ensuring that secure practices, procedures and policies are designed and implemented, and provides input into future-state decisions regarding information security technology design.
RESPONSIBILITIES / DUTIES:
- Proactively protect the integrity, confidentiality, and availability of information technology resources.
- Administer network and computing devices/systems that help enforce security policies and audit controls in a global environment.
- Assist in responses to external audits, penetration tests and vulnerability assessments
- Coordinate maintenance of security-related systems (Anti-Virus, Patching, Intrusion Detection, Logging, Anti-spam, etc.)
- Daily administration of monitoring tools, including maintenance and upkeep
- Daily monitoring of enterprise networks and management of alert notifications for suspicious/malicious behavior (this may include after-hours and weekend/holiday availability)
- Identify security issues and risks, and develop mitigation plans
- Implement technical solutions to support ISO 27001 and other regulations as required
- Recommend and coordinate the application of fixes, patches and disaster recovery procedures in the event of a security breach
- Respond in a timely manner to suspected loss or misuse of information technology assets.
- Participate in investigations of suspected information technology security misuse or in compliance reviews as requested by auditors.
- Participate in completing, reviewing and/or editing security questionnaires and RFPs, as well as supporting sales questions.
- Participate in managing ongoing review and follow up of the security/compliance questions from customer/sales and other stakeholders.
- Participate in, and act as a technical leader for, periodic information systems risk assessments, including those associated with the development of new or significantly enhanced business applications
- Participate in Security policy development and implementation
- Participate in conducting risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems
- Communicate unresolved information technology security exposures, misuse, or noncompliance situations with appropriate management.
- Provide users and management with technical support on matters related to information security such as the criteria to use when selecting information security products
- Advise on technologies, practices, and policies that can mitigate security issues.
- Monitor current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy
- Conduct research on emerging products, services, protocols, and standards.
- Assist with SOC2 compliance validation and reporting
- Other duties as assigned.
REQUIREMENTS / QUALIFICATIONS:
- 2-5 years of experience directly related to information technology security in medium to large international enterprise environments. This experience should include active participation in Information Security Management, Compliance, Risk Assessment, Contract Review and Response, and development and administration of an organization-wide IT security architecture.
- Bachelor’s degree in Computer Science, Engineering, Business, or related discipline is desired.
- Experience with complex SaaS Operations and Corporate IT environments
- Experience driving compliance-related activities, including SOC2 readiness & audit support, PCI certification, GDPR and HITRUST.
- Experience in Control language development & assessment
- Knowledge of applicable laws and practices relating to information privacy and security.
- Knowledge and understanding of current security standards and regulations such as ISO 27001/27002 required.
- Knowledge and understanding of current security standards and regulations such as COBIT, NIST, ITIL, PCI and HIPAA, etc. desired.
- Knowledge and Experience in managing security and vulnerability management tools.
- The demonstrated ability to apply analytical and problem-solving skills to information security and privacy issues.
- Ability to conduct research into security issues and products as required.
- Ability to effectively communicate both verbally and in writing to both technical and non-technical staff on issues of information security. The ability to write documents ranging from formal and informal reports to system documentation and training materials. Must be able to prepare these materials with limited advance notice.
- The ability to work independently with limited supervision and limited direction.
- The demonstrated ability to work effectively in a collaborative team environment as an individual contributor.
- The demonstrated ability to apply effective organizational skills and excellent attention to detail.
- Working knowledge of current project management principles, processes, methodologies and tools for information technology projects
- The ability to provide support after normal business hours as needed.
- CISSP and/or CISA certifications.
- Prior experience in Big 4 Consulting Firms
WhiteHat Security is an E-Verify employer and is proud to provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.
To apply for this job please visit jobs.jobvite.com.