Information Security & Compliance Analyst (GRC) - Remote

Direct Travel

Minneapolis Minnesota

United States

Information Technology

Job Type: Salary, Full-Time

Hours: Monday-Friday, 40 hours per week

Location: United States, Position may be located In-Office (Centennial, CO), Remote, or Hybrid

Position Overview 

We are looking for a high caliber candidate to join our team as an Information Security and Compliance Analyst. This role will assist in managing our GRC (Governance, Risk Management and Compliance) function. The Information Security and Compliance Analyst will work in a collaborative fashion with our internal teams and external partners to manage Information Security & Compliance risk as well as prove the same to management and clients. Our ideal candidate for this role will have solid experience in security and compliance, and will have significantly contributed to SSAE18 SOC 2, PCI ROC and/or ISO 27001 audits. 

If you thrive in a dynamic environment and enjoy challenges then this may be the right fit for you! Our team is comprised of smart and creative team players, who love IT assurance. The ideal candidate will be as comfortable talking with senior management about Information Security Management Systems and attestation strategies as they are talking with IT staff.

This role will work closely with and report to the Senior Director of Information Security & Compliance.

  Responsibilities

  • Track all audit and risk assessment findings relating to information security and ensure they are resolved in a timely manner
  • Communicate audit engagement reports and recommendations to company management, and track any open concerns or questions to resolution
  • Ensure a 100% certification success rate on ISMS projects and audit engagements
  • Take the lead role in managing the GRC program and its tooling
  • Identify technologies and solutions that could improve the company's security posture
  • Contribute to the development of security standards, access controls, and compliance requirements for applications, network infrastructure, servers and workstations
  • Serve as subject matter expert on information security and compliance policy
  • Maintain awareness of current and emerging threat landscapes
  • Report security and compliance metrics to department and company leadership
  • Support additional audit and governance functions as assigned

  Required Qualifications

  • Bachelor's degree in computer science, information systems, information security, or a related discipline. An equivalent combination of education, training, and experience will also be considered.
  • Experience achieving successful annual PCI compliance, SSAE 18 SOC 2 attestations and/or ISO 27001 certifications
  • 2-3 years' experience leading information security audits (with a preference for ISO 27001 and SOC 2 audits or assessments)
  • 2-3 years' experience as an IT security or compliance analyst, including developing security strategy and policy
  • Significant knowledge of ISO 27001
  • Experience with Payment Card Industry (PCI) compliance
  • Solid knowledge of NIST SP 800-53 and the NIST Cybersecurity Framework (CSF)
  • Solid understanding of information technology and information security, demonstrated by the ability to contextualize findings and make relevant and valuable recommendations
  • Experience with the full Governance, Risk Management and Compliance lifecycle
  • Experience writing policies and procedures
  • High level of personal integrity and commitment to compliance
  • Strong sense of autonomy and ownership over assigned projects
  • Strong communication skills (written/verbal) with the ability to engage stakeholders
  • Excellent analytical, organization, and planning skills
  • Able to successfully perform remote work
  • Able to successfully pass a background check following an accepted offer of employment
  • Must be able to lawfully work within the US and have unrestricted US work authorization
  • Ability to travel up to 15% if required

  Preferred Qualifications

  • Experience with the range of regulatory and contractual compliance regimes (e.g., HIPAA, GDPR, CCPA, PII protection requirements, PCI DSS, SOX)
  • Certifications (e.g., ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISA, CISM, CISSP, MCSE, CEH, OSCP)
  • Familiarity with standards such as FISMA and HITRUST CSF
  • 2-3 years of experience with MSP or cloud-based solutions (e.g., Microsoft 365, Azure)

  Direct Travel is an EOE/AA/Veteran/People with Disabilities employer.
     
