This Job Vacancy has Expired!

Principal Information Security Governance and Compliance Analyst

Request Technology - Craig Johnson

Posted on May 5, 2022 by Request Technology - Craig Johnson

Florida, FL
IT
Immediate Start
$100k - $130k Annual
Full-Time

*We are unable to sponsor for this permanent Full time role*

*Position is bonus eligible*

Prestigious Enterprise Company is currently seeking a Principal Information Security Governance and Compliance Analyst. Candidate is responsible for driving governance and compliance as part of the Information Security program. This primary function of this role involves focusing on the development and life cycle management of policies, standards, controls, and compliance frameworks, as well as performing risk-based compliance testing. This position works closely with teams within the Information Technology department, as well as general business areas.

Responsibilities:

  • Act as an information security governance and compliance subject matter expert
  • Develop, publish, and maintain information security policies, standards, and control procedures
  • Maintain the policy life cycle management function, ensuring information technology and security policies are reviewed and updated on a regular basis
  • Work closely with the Information Security Risk Management team to design, document, and test controls aligned to mitigate IT risks within the IT organization
  • Maintain the control inventory and control mappings to security compliance frameworks such as NIST CSF/800-53, ISO 27001/2, etc.
  • Conduct regular risk-based compliance testing of information security controls, reporting exceptions and monitoring remediation efforts
  • Develop metrics and KPIs (Key Performance Indicators) for the information security program and prepares executive reports
  • Conduct the annual NIST Cyber Security Framework (CSF) self-assessment and presents findings and accomplishments
  • Participate heavily in the development, growth, and maturity of the governance and compliance management program within the ServiceNow GRC (governance, risk, and compliance) solution
  • Stay updated with compliance, regulatory, and industry best practices applicable to Southern Glazer's
  • Participate in various stages of the project management life cycle to ensure successful implementation of security controls
  • Develop and executes effective presentations at all levels within the organization
  • Act as a consultant to the information security and information technology departments, providing guidance and helping to mature the overall security posture of the organization
  • Perform other duties as assigned

Qualifications:

  • Eight or more years of work experience in information security, IT auditing, risk management, and/or compliance management
  • Bachelor's degree in computer science, information security, information technology, or related field of study; or equivalent professional work experience
  • Professional governance, risk, or compliance certification such as CISA, CRISC, CGEIT, etc.
  • Demonstratable expert-level experience in writing, editing, and revising policies, control procedures, and other governance documents (Ability to provide samples a plus)
  • Expert-level experience in executing compliance control testing programs and processes
  • Experience implementing a variety of information security frameworks & controls across a large organization
  • Strong working experience with the NIST Cybersecurity Framework, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, or CIS Benchmark
  • Knowledge of risk management processes, techniques, and tools
  • Familiarity with network technologies and protocols (Switches, Routers, Firewalls, VPNs, remote connection technologies, and multiple domain environments)
  • Knowledge of hybrid IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)

Preferred Skills:

  • Master's degree in related field preferred
  • Professional information security certification such as CISSP, CISM, ISO Lead Auditor, etc.
  • Experience implementing GRC/IRM tools (experience with ServiceNow GRC/IRM a plus)
  • Knowledge of Scripting languages (such as python, PowerShell, etc.)
  • Experience in food, beverage, CPG, or distribution industries a plus. Experience in other regulated industries is also welcome
  • Big 4 experience a plus

Reference: 1587149585

Set up alerts to get notified of new vacancies.