Risk and Compliance Security Analyst II
Posted on Sep 4, 2019 by Request Technology
A prestigious company is looking for a Risk and Compliance Analyst who will assess processes to identify gaps in business processes and controls.
They need to be able to build a risk register that aligns to controls from a security framework, to perform risk assessments, and to consolidate controls from multiple security frameworks (HIPAA, PCI, NIST 800-53R4, ISO 27001/2/3/4).
- Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required.
- Takes actions as directed to ensure business awareness of Data Privacy guidance, including the General Data Protection Regulation (GDPR), and appropriate engagement of Data Privacy office, as needed.
- Provides advice to global business units on actions needed to align business requirements with relevant global security frameworks, standards, policies, and procedures.
- Proactively provides relevant inputs to the global risk framework based on the latest government and industry information regarding new threats and vulnerabilities, and communicates relevant information to appropriate teams, soliciting action plans if needed.
- Coordinates deployment and measurement of security awareness efforts across Company global business units.
Preferred Education & Experience:
- BA/BS or equivalent preferred, 5-7 years of experience in related field preferred.
- CISSP (Certified Information Systems Security Professional) certification, or candidate for certification, required.
- CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) or CIPP (Certified Information Privacy Professional) certifications helpful, but not required.
- Experience working with the ISO 27001 (or similar) security framework, PCI DSS and CSA CCM standards in an operational IT environment required.
- Experience applying other security frameworks (e.g., CSF, COBIT), laws and standards (e.g., Sarbanes-Oxley, GDPR, HIPAA) helpful, but not required.
- Working experience with IT security risk frameworks such as ISO 27005, OCTAVE, FAIR and NIST RMF very helpful.
- Operational experience in applying risk frameworks to technologies (including cloud and containers) and continuous processes (including DevOps and Agile software deployment) very helpful.