IT Security Analyst – Risk and Compliance (Part Time)

Phillips & Cohen Associates Ltd.Wilmington, DE
81d
Match Resume

About The Position

The person in the position, under general direction, ensures PCA IT Security Control Framework is in compliance with federal, state, local, industry and client security requirements. Develops, tests, documents, evaluates, tracks, identifies gaps, improve IT compliance controls, execution of defined Security Controls and evidence collection. Collaborates with internal and external audit teams, IT management, cybersecurity teams and other stakeholders to ensure IT compliance programs and IT Security Policy deliverables are met. The IT Security Analyst will be a key member of the Information Security team responsible for coordination of audits, control definitions, QA testing oversight, procedure creation and/or enhancement, and security and awareness training. Success in this role requires a good understanding of information security best practices, IT infrastructure and applications as well as identity and active directory security knowledge. The analyst must have the ability to understand and communicate risk and controls. Must have strong organization, planning, good communication and writing skills.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology related field or equivalent experience.
  • 2+ years’ experience in IT related field.
  • 1+ years’ experience in IT Audit, compliance or controls assessments.
  • Certification in Security, Audit or Risk management a plus; CISA, etc.
  • Working knowledge of Windows operating systems.
  • Working knowledge of Active Directory.
  • Strong analytical and problem-solving skills.
  • Solid understanding of IT Controls and objectives, Control Mapping, Audit Protocols.
  • Working knowledge of Applications, Databases, SaaS and Cloud applications.
  • Some knowledge of computer Networks, Servers, IAM Solutions, Incident Response a plus.
  • Excellent communications skills with an emphasis on follow-through, tracking and meticulous attention to detail are required.
  • Ability to work independently, adjust priorities, and work in a continuously changing environment.
  • Ability to work successfully in a deadline driven, team environment.

Nice To Haves

  • Certification in Security, Audit or Risk management a plus; CISA, etc.
  • Some knowledge of computer Networks, Servers, IAM Solutions, Incident Response a plus.

Responsibilities

  • Assist in identifying potential IT-related risks (security, operational, technological) through various methods.
  • Participate in the evaluation of identified IT risks by assessing their likelihood and potential impact.
  • Support the development and implementation of IT risk mitigation strategies and controls.
  • Provide on-going evaluations and validation of IT control effectiveness.
  • Actively track and communicate restraints, conflicts, or gaps in existing IT processes as well as cross-functional team remediation efforts related to IT risks.
  • Assist in System Audits and Security Assessments.
  • Interpret Audit results and make conclusions on the adequacy and reliability of IT controls.
  • Participate in other risk and compliance-related projects as assigned.
  • Execute IT Security control evidence gathering and approvals.
  • Coordinate controls evidence generation, review, approval, and storage for IT controls.
  • Outline clear and effective evidence collection and storage of IT control activities.
  • Establish a Central Repository for all IT evidence and maintain a library of responses.
  • Perform compliance gap assessments, particularly within the IT environment.
  • Reviews, documents, evaluates, and tests manual and computer controls (IT general controls and application controls).
  • Coordinate the responses to compliance findings and the identification of response evidence related to IT.
  • Develop, track, and publish compliance metrics related to IT controls.
  • Communicate updates on IT compliance controls performance to management.
  • Implement and/or leverage technology to effectively collect, store, and share the evidence associated with IT controls activities.
  • Provides training to third-party compliance assessors on organizational IT tools, resources, and repositories for the collection and review of controls-related evidence before each audit.
  • Captures and stores policy exception approvals for easy access & use during yearly assessments, particularly those related to IT.
  • Generate windows and active directory-related evidence for controls assessments.
  • Perform tasks and functions as assigned by IT Management.
  • Coordinate and maintain the security awareness training necessary to ensure adherence to organizational policies, standards, and overall security controls.
  • Assist in the coordination of yearly security incident response effectiveness testing.
  • Analyze data to identify IT risk and compliance trends and patterns.
  • Collaborate effectively with various departments across the organization to embed IT risk and compliance considerations into their processes.
  • Assist in developing and delivering IT risk and compliance training materials.
  • Utilize risk management and compliance software and tools effectively.
  • Stay updated on the latest IT risk management techniques, cybersecurity regulations, and industry best practices.
  • Perform tasks and functions as assigned by IT Management.

Benefits

  • Equal Employment Opportunity for all individuals regardless of race, color, religion, gender, age, national origin, disability, marital status, sexual orientation, veteran status, genetic information and any other basis protected by federal, state or local laws.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Career Level

Entry Level

Education Level

Bachelor's degree

Number of Employees

251-500 employees

Job Search Resources

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service