Security Compliance Analyst

About The Position

Requirements

• BA/BS or equivalent experience
• 3+ years of experience gained in the information security field
• Experience reviewing, editing and negotiating contracts, specifically to ensure adequate safeguards are defined to protect sensitive business information
• Experience working with, and ideally writing, information security policies and standards
• Understand information security holistically and how it relates to business goals
• Excellent written, oral, and interpersonal communications skills
• Ability to design, implement, reengineer and manage complex processes.
• Proven people management skills.
• Strong analytical skills
• General knowledge and experience with information security standards and methodologies, including the PCIDSS, ISO 9000 series, COBIT, Sarbanes Oxley, HIPAA, and other relevant industry security standards, and knowledge of risk assessment and risk analysis
• Experience with PCI DSS Assessments.
• Experience working with, and ideally writing, information security policies and standards and/or developing or implementing security-related tools
• Experience within GRC, specifically reviewing contracts and agreements between various parties to determine risks

Nice To Haves

• CISSP, CISM, CISA or similar certification [e.g., GIAC Certified ISO-17799 Specialist (G7799)]
• Privacy Certification (e.g., Certified Information Privacy Professional)
• Experience communicating privacy and security compliance issues to upper management
• Experience presenting information security issues to large audiences, forums, or communities
• Experience working within the retail sector

Responsibilities

• Respond to requests from the business to perform security reviews of third party engagement to ensure regulatory requirements and internal compliance obligations are met
• Partner with business owners to maintain an inventory of third parties sharing or accessing WSI’s sensitive business data
• Assign and monitor compliance tasks using GRC tools
• Work with business partners to ensure that policies and standards align with their commercial priorities and applicable laws, regulations, and related industry directives
• Develop and document standard operating procedures and process maps for the performance of third party risk management activities, based on higher level policy and procedures documentation
• Maintain effective relationships with business unit third party coordinators and other stakeholders, to ensure that business needs are satisfied in an efficient and effective manner
• Build and maintain strong professional relationships and partnerships with key business partners
• Communicate and promote the sound implementation of policies, standards, and procedures throughout the organization.
• Monitor and evaluate external security trends and best practices for policy adoption within WSI

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)