Technology Partners is currently seeking a talented IT Security Analyst, Compliance, Policy – 146305. Do you have experience with security? Let us help you make your next big career move a reality!
What You Will Be Doing:
As a Security Analyst 2 on the GRC Policy & Compliance team, you will understand and maintain information security policies, standards, procedures and technical guidelines to support business objectives and regulatory compliance, providing research, recommendations and contributions. Proactively monitor developments in industry standards, laws and regulations, contractual requirements, and the organization’s capabilities and risk strategy. Analyze applicability and impact and translate into policies and standards changes. Work closely with stakeholders from information technology and the business who implement the policies to promote and disseminate policy, standards, and technical guidance to the organization. Provide subject matter expertise for policy content, intent, and applicability of security requirements. Create and conduct presentations and white papers for medium and large audiences. Effectively and professionally collaborate with IT stakeholders to analyze and measure risk, as well as determine and validate risk treatment options. Share risk insight and context to educate others and ensure they understand and adhere to security procedures and compliance requirements. Identify, create, and maintain key performance metrics for measurement of risk and compliance, and create documented reports on results of IT security risk analysis and assessments, following established methodologies. Contribute to the development and maintenance of security assessment methodologies and operational processes. Participate in customer audits as they pertain to the information security governance area. Follow security policies and procedures to protect our customers, our employees, and our brands by incorporating security and compliance in all decisions and daily job responsibilities. Apply fundamental cybersecurity and privacy principles (relevant to confidentiality, integrity, availability, authentication, and non-repudiation) to team and department level requirements; apply security policies and frameworks into operational processes.
Required Skills & Experience:
- Must be presently authorized to work in the U.S. without a requirement for work authorization sponsorship by our company for this position now or in the future
- 3+ years of IT-related experience
- 2+ years of IT security experience in policy and compliance
- Strong knowledge of security and risk management industry standards (preferred standards are PCI DSS, ISO 27001/2, NIST CSF/800-171)
- Strong interpersonal and technical skills, with the ability to relate to all levels of technology and business
- General knowledge of various IT systems and components, such as servers, storage, switches, etc. (hands on technical knowledge is not required)
- Knowledge of technical security controls/tools in the context of vulnerability management, incident response, cloud security, application security, etc.
- Knowledge of modern security problems and solutions for endpoint security, network security, cloud security, application security, identity & access management, vulnerability management, threat detection, and/or incident response
- Ability to maintain a high degree of confidentiality
- Capable of working independently, as well as in team/collaborative setting
- Must have proven experience in working effectively in cross-functional teams and the ability to establish, foster and maintain relationships across the organization
- Must demonstrate strong documentation, communication skills, and proven ability to deliver presentations
- Must be committed to incorporating security into all decisions and daily job responsibilities
Desired Skills & Experience:
- Bachelor’s degree in Cyber Security, Computer Science, Computer Information Systems, Management Information Systems, or extensive security related experience preferred
- Security related certifications such as: CISA, CISSP, CRISK
- Solid knowledge of Information Security Forum (ISF) Standard of Good Practice (SoGP)
- Thorough understanding of security industry standards such as ISO 27001/2 and NIST security standards.
- Functional knowledge of productivity, documentation, and collaboration tools such as SharePoint, Jira, Confluence, and Jive
We are interested in every qualified candidate who is eligible to work in the United States. However, we are not able to provide sponsorship at this time.
If this position sounds like you, WE SHOULD TALK!
Your better future is ready, and we want to put the right tools in your hands to get you there. Let’s go!
Keywords: compliance, policy, security, audit, PCI, NIST
Looking for more opportunities with Technology Partners? Check out technologypartners.net/jobs!