Job Description


The Team

The Senior Analyst, Security Compliance is responsible for leading projects that support the global security compliance program and strategy as part of the governance, risk and compliance team. This includes overseeing the execution of external IT audits, providing technical or process oriented recommendations and collaborating closely with internal and external stakeholders of the information security management system, in addition to working on projects to remediate identified issues from ongoing or prior reviews.

The position will participate in the oversight of the security risk management process along with assessing, overseeing or monitoring the execution of security processes and controls, performing analysis, interviews, and reviews, along with creating or improving documentation, and providing feedback to stakeholders as necessary. The role will also assist with the implementation of controls by monitoring trends and developments to understand and implement plans to meet or exceed information technology focused regulatory requirements. The position entails demonstrating effective project management capabilities, collaboration skills with a wide variety of internal and external stakeholders, including reporting on status to upper management regularly and creating reports of results periodically.

The Opportunity

  • Implement, monitor, and support security processes/systems that will help ensure compliance with regulatory and financial industry requirements along with corporate policies and procedures
  • Conduct internal and external security assessments or audits to assess the design and/or the effectiveness of security and information technology general controls
  • You will be involved in certification and attestation engagements, such as SOC reporting and ISO certification, both from an external audit and internal implementation or oversight perspective
  • Develop, implement, or enhance cyber security policies and procedures in compliance with industry standards, regulations and leading practices
  • Stay informed about changes in security regulations and ensure organizational adherence
  • Identify and recommend potential areas where existing security policies and procedures require change, or where a supplement is required to mitigate focal security risks. Partner with various business areas and stakeholders to enhance security policies/procedures and controls
  • Collaborate with external auditors to ensure compliance with industry standards
  • Work with administrators, developers and other stakeholders to remediate control deficiencies
  • Identify issues with underlying root causes regarding IT control deficiencies or gaps and develop actionable recommendations and oversee implementation of action plans for remediation
  • Enhance the third party risk management program through knowledge of leading practices
  • Analyze regulatory inspections and audit results for trends to support the security compliance team and work to develop supporting documentation or provide consultation to impacted stakeholders to maintain quality controls with supporting information and records
  • Ensure leading security practices are identified and integrated into all facets of ongoing projects
  • Creating data flow diagrams or process flowcharts for high-risk security or related processes
  • Monitoring and managing project progress and risks, and ensuring key stakeholders are kept informed about progress and expected outcomes and that concerns are flagged early

Skills you should HODL

  • Bachelor's degree from an accredited institution, MBA or other advanced degree preferred
  • 5 years of experience in technical information security roles, namely external or internal IT audit, security risk management, governance, or compliance or similar
  • Demonstrated ability to lead cross-functional projects and lead projects involving remediation of identified control gaps or improvements to closure
  • Knowledge of ISO/IEC 27001, PCI-DSS, SOC 1, SOC 2, ITIL, COBIT, CCSS and NIST
  • Knowledge of integrated financial audit engagements, especially involving public and/or highly regulated financial services businesses
  • Experience with cybersecurity regulations and regulatory best practices, such as those promulgated by the EU, SEC, FCA, NYDFS, CPPA, etc
  • Experience with deployments and transitions into a cloud environment or utilization of cloud infrastructure to achieve business technical needs and related objectives
  • Understanding and implementation of segregation of duty frameworks and associated mitigating controls and SOD tools
  • Experience performing IT control assessments, internal or external IT audits, or implementing cybersecurity controls for large scale financial service organizations (hybrid environments)
  • Knowledge/experience in identity access management and related cybersecurity tools
  • Understanding of computer science and programming concepts, including software development, deployment, and control, and an eager willingness to learn more 
  • Familiarity with languages such as JavaScript, Python, C, Go, Rust, or similar is a plus  
  • Strong time management skills, self-motivated, and disciplined working remotely
  • Project management experience, knowledge and skill set

Nice to Haves

  • Previous consulting or Big 4 audit experience preferred
  • Data flow diagram or related skillset is preferred, i.e. experience with Visio or similar tools
  • Understanding of application development, deployment, and management patterns, especially DevSecOps and CI/CD practices is nice to have
  • Experience with national security and privacy regulations is nice to have 
  • Data Analysis or scripting experience is another nice to have for candidates
  • Experience supporting regulatory and statutory reporting processes and improvements
  • At least one professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired

Estimated Base Salary: $101K to $153K. Offers Equity. Offers Bonus.

  • Auditing
  • Python
  • Risk Analysis
  • Security System Management