Opportunity: Information Security Compliance Analyst | BomaLink



Information Security Compliance Analyst

Information Technology

Posted 1 month ago


Our direct client, a global leader in their field, is seeking a Security Compliance Analyst to be a member of the Global Security Compliance team. This is a hands-on role supporting the corporate information security program, which includes ensuring that compliance program and security policy deliverables are achieved. The role also supports the security policies, processes, tools and standards throughout the organization, through close association with the Global Information Security Group, Internal Audit, Legal, Human Resources, Data Privacy Officers, and other organizations within the corporation, and with designated external partners. This is a dynamic environment with lots of potential for career growth.

The successful candidate must be a proactive, independent self-starter who is eager to learn. The candidate must have a strong background in technology, security and metrics, and must be highly adaptive. The candidate must be highly collaborative, organized and analytical, and is expected to partner with and mentor other teams effectively on an ongoing basis.

Position Responsibilities

- Identifies policy and process gaps or breaks, ensures proper segregation of duties, and documents approved exceptions.
- Participates in the drafting, updating, revising and publication of security policies and other security materials.
- Develops, tests, documents, evaluates, tracks, and improves security compliance controls.
- Performs administrative control reviews and recommends remediation actions and alternative approaches to resolve conflicts.
- Identifies, collects and organizes security incident and event data to produce exception and management reports.
- Supports continuous improvement by developing, operationalizing and maintaining security compliance metrics and documentation. Also provides support for Security Compliance requests and incidents.
- Reviews technology platforms, including operating systems, applications, network devices and vendors, to ensure compliance with established best practices and with organizational and operational policies.
- Participates in Change Control and Release activities to ensure change deployments don't compromise security controls and policies.
- Maintains the Security Questionnaire database and responds to Security Questionnaires, as necessary.
- Prepares risk assessments for third- and fourth-party vendors to advise the business on relevant IT risks associated with using the vendor or technology.

Qualifications/Experience/Education

- Bachelor's degree in computer science, or equivalent work experience, required.
- Professional security management certification, such as an ISC(2) Systems Security Certified Practitioner (SSCP) or SANS GIAC Information Security Professional (GISP), is a plus.

Experience/Skills (1 - 5 years)

- Strong conceptual thinking and communication skills: the ability to translate complex business and technical requirements into effective and comprehensible solutions.
- Ability to correlate disparate data sources to produce a complete picture or view of an event, system, or environment ("connect the dots").
- Working knowledge of various regulations such as SOX and HIPAA, and of international data privacy regulations such as the European Union General Data Protection Regulation.
- Knowledge of NIST and ISO 27000 security practice frameworks.
- Knowledge of security controls (e.g. firewalls, IDS/IPS, VPN, web content filters, proxies, DLP, SIEM, log aggregation, etc.).
- Operational experience with one or more common IT infrastructures (telecom, database, Windows, Active Directory, LDAP, SMTP, DLP, *NIX server systems, virtualization platforms).
- Understanding of the Microsoft Office suite, including Access and Visio.

The following are not essential, but are highly valued:

- SharePoint experience to maintain security sites associated with the Security Compliance Group
- Professional experience or knowledge of application or infrastructure penetration testing
- Basic working knowledge of scripting/programming languages (e.g. Python, PowerShell)
- Basic knowledge of cloud security controls and behaviors

