IT Security Compliance Analyst

The Security Compliance Analyst assesses, communicates, and reduces risk to the organization focusing on identifying risk based on team input, proactive compliance activities, and vendor risk management. The Security Compliance Analyst works in support of IT Security compliance requirements and company risk tolerance.

• The Security Compliance Analyst supports the security compliance program, tracking completion and remediation of compliance activities, and documenting compliance program evidence.
• Investigates and determines where threats exist based on input from the Security Operations Center (SOC) team, current policy requirements, and threat hunt information.
• Responsible for company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices.
• Assists with vulnerability management reporting including patch management tracking and software code analysis reports.
• Collaborates with team to develop compliance program strategy.
• Evaluates the security of vendors and hosted solutions based on approved Information Security standards.
• Determines risk and potential impact based on emerging security threats.
• Supports the security compliance program, ensuring the identification, tracking, prioritization, and remediation of all internal and external compliance requirements; also supports Internal Audit activities and remediation requirements.
• Ensures adequate and effective IT controls exist to meet applicable current and future security compliance requirements found in laws, regulations, frameworks such as requirements to comply with SOX (Sarbanes-Oxley), SOC II, and state / federal privacy law.
• Supports and updates a centralized repository of security controls aligned with corporate, regulatory, security framework requirements.
• Coordinates the information security compliance efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide information security compliance efforts are consistent.
• Collaborates with share service areas (internal controls, risk management, legal and HR) on the maturation of policies/procedures related to compliance activities.
• Assists with identity management reviews from automated and manual systems.
• Part of rotational on-call support for Tier 2
• Perform other duties as required and/or assigned.

• Bachelor’s degree in computer science or related field is required
• 5 or more years of experience in Information Security
• Experience with laws, regulations, frameworks such as requirements to comply with SOX (Sarbanes-Oxley), SOC II, and state / federal privacy law.
• Familiarity with ISO/IEC 27001 standards or experience supporting ISO 27001 compliance activities is a plus
• Proven information security audit experience
• Experience with vulnerability management
• Experience with third-party risk management and enterprise risk assessments
• Experience with security awareness and training functions and tools
• Proven analytical, strategic vision drawing on strong problem-solving abilities.
• Able to prioritize and execute tasks in a high-pressure environment.
• Strong written, oral, and interpersonal communication skills.
• Ability to present ideas in business-friendly and user-friendly language appropriate to both executive and managerial audiences.
• Highly self-motivated and directed.
• Keen attention to detail.
• Skilled in working within a team-oriented, collaborative environment.