Security Analyst - Security Risk & Compliance

Job Description

Reporting to the Senior Manager of Security Risk & Compliance, the Security Analyst will ensure that policy and compliance documentation, requirements and controls are accurately and timely identified, mapped, tracked, reviewed, and reported for the organization to increase security posture. The Security Analyst will ensure that documentation, data, assessment information, and GRC program information are kept up to date. Working closely with other members of the Security Team to manage and support security administration tasks and security projects. This position requires a detail-oriented individual able to efficiently analyze and resolve problems.

Responsibilities:
• Monitor and review IT security controls to identify operational effectiveness
• Assist with implementation of Security Risk Assessment methodology, policy, strategy and process
• Assist with mapping controls to policies, procedures, and processes to ensure adequate coverage
• Perform process and control walkthroughs and document control narratives as assigned
• Perform third party and internal risk assessments
• Assist with access control management and reviews
• Assist with IT remediation efforts and track completion status of deficiencies
• Assist in the ongoing maintenance and process improvements of compliance programs (e.g. PCI DSS, SOX, etc.)
• Provide security consulting services to the internal business owners and partners
• Maintain clear communications, documentation, and timely support for security policy and compliance activities
• Work with GRC and InfoSec tools to collect and maintain security and risk information
• Update project and status reports as needed
• Assist with policy and standards research, development, review and maintenance
• Assist with data governance program

Qualifications:
• Preferred 5+ years' experience in Information Security or Information Technology field. Internship may be substituted for experience
• Bachelor's degree in Computer Science, IT or Information Security
• Cloud Security foundational knowledge preferred.
• Experience working within a team to deliver and track solutions
• Ability to identify, monitor and remediate security compliance issues
• Hands-on experience working with GRC tools a plus.
• Ability to complete assigned work on time and to specifications
• Strong verbal and communication skills with all levels of the business on security issues
• Willingness to acquire in-depth knowledge of security standard methodologies, technologies and products and continuously improve these skills
• Must be self-motivated, able to work independently, and multi-task effectively
• Experience in using tools and techniques for planning, organizing and implementing projects
• CISSP preferred or willingness to obtain

Jobcode: Reference SBJ-rnz1mr-3-15-219-217-42 in your application.