Information Security: Compliance Analyst I

About The Position

Requirements

• Bachelor’s degree in Computer Science, security, compliance, or related field
• Up to 2 years of experience working in the information security domain serving in a role in supporting and managing security compliance
• Enthusiastic about learning the data security principles needed to implement security controls and oversee data security practices
• Excellent organizational, analytical, and problem-solving skills
• Energized by problem-solving. Able to maintain a level head when a curveball is thrown your way and enjoy the challenge of connecting the dots and identifying what’s needed to resolve it.
• Reliable interpersonal, oral and written communication skills
• Able to effectively collaborate with IT system architects, technical project teams, and high-level business managers
• Self-starter and able to take initiative to stay abreast of security developments and threats
• Able to demonstrate adaptability, prioritize tasks, and meet deadlines in a fast-paced environment
• Able to pass a Federal background check to obtain a Personal Identity Verification (PIV) credential.

Nice To Haves

• CISA or CISM certificate in progress or completed.

Responsibilities

• Conduct assessments and gap analyses of compliance activities to support effectiveness indicators provided by government agencies
• Conduct internal audits of the system environment and relevant policies and procedures
• Collect information and evidence for external audits and client inquiries
• Integrate auditing protocols into development cycles and assisting with system architecture and design
• Implement and maintain applicable security and privacy regulatory and legal requirements into company’s Information Security Program.
• Research and maintain understanding of policies, regulations & laws at the state and federal levels
• Build understanding of security frameworks and standards for NIST, FedRAMP, FISMA, HIPAA, SOC2 and other relevant information security and privacy regulations.
• Contribute to the development and management of comprehensive documentation demonstrating continuous regulatory compliance effectiveness
• Contribute to briefings for senior management of implications of changes to the company’s security & privacy policies, procedures, processes.
• Contribute to internal policy recommendations for maintaining compliance,
• Develop reports and actionable information pertaining to risk and incident discovery and remediation technologies, techniques, and processes
• Support the creation and delivery of annual Incident Response Tabletop Exercise and Contingency Plan Testing
• Reviewing outputs from vulnerability scanning tools to identify, document, and track vulnerabilities and compliance deviations.
• Work closely with cross-functional teams to ensure these issues are remediated in accordance with the Service Level Agreements (SLAs).
• Join recurring internal team meetings to update the team on the status of progress of ongoing security initiatives and action items.
• Monitor and engage with internal communication channels to stay informed and connected to the team.
• Attend meetings with employees from IT and Software Development teams to discuss progress on a new security software.
• Take meeting notes and track action items to disseminate with attendees.

Benefits

• health, dental, and vision insurance
• retirement savings options
• paid time off
• other employee programs