Assist in managing a compliance program for a portfolio of internal/external audits and certifications, ensuring documented and sustainable compliance practices across the company.
Assist with the implementation and direction of compliance processes to automate and continuously monitor information security controls, exceptions, risks, testing, and evidence artifacts.
Develop reporting metrics and dashboards.
Assist control owners in defining responsibilities and control standards for regulatory and compliance goals, including but not limited to the following audits and certifications: SOX, PCI, HIPAA, SOC 1/2, FedRAMP, HITRUST, ISO 27001/27017/27018, and Cyber Essentials.
Map and maintain a common controls framework and control scope/applicability for a portfolio of compliance initiatives and information security policies.
Assist in the establishment of an Information Security GRC Center of Excellence by providing audit and assurance services to support a portfolio of compliance projects.
Provide compliance subject matter expertise and advisory services to stakeholders/control owners.
Document and report control failures and gaps to stakeholders.
Provide remediation guidance and prepare stakeholder reports to track remediation activities.
Evaluate and report any security/compliance risks to be tracked as part of the company risk register.
Consult on developing security standards, procedures, and controls to manage risks.
Gather requirements and guide assigned controls within the centralized GRC tool and audit/certification document repository to maintain compliance program information across the company.
Work with business unit/product level compliance teams to strengthen and align to a shared company compliance plan and organizational approach/methodologies, ensuring streamlined, lean, effective, and agile processes.
Provide dashboards and reports based on regular assessments and testing of the effectiveness and efficiency of controls.
Perform operational activities related to the compliance program and escalate deviations when needed.
Perform audit services, including risk and gap assessments, for business units as needed.
Provide input on responses to company-wide compliance-related customer/partner/third-party requests.
Practice Agile methodologies and promote/strengthen automation across all initiatives to raise the level of work quality and act as a model for others to emulate.
Requirements
Bachelor's Degree in Computer Science or equivalent field of study
5+ years of experience working with applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations
5+ years of experience in information systems auditing, monitoring, controlling, and assessment processes
Proficiency in risk assessment and direction methodology
Proficiency in working with recognized IT Security-related standards and technologies.
Ability to function effectively within cross-functional and interdisciplinary teams to achieve tactical and strategic goals.
Demonstrated project management, organizational, and facilitation skills.
Excellent communication and presentation skills.
Demonstrated ability to serve as an effective member of the InfoSec GRC team and ability to communicate security-related concepts to a broad range of technical and non-technical management and staff.
High level of personal integrity and the ability to professionally handle confidential matters and exercise the appropriate level of judgment and maturity.
ISO LA, PCI QSA, CISSP, CISM, CISA, ITIL, or GIAC certifications desired.
Benefits
Benefits and perks comparable to larger tech companies
Independence to make a larger impact on the company