
Information Security Analyst Jobs

Company

Consumer Cellular, Inc.

Address Scottsdale, AZ, United States
Employment type FULL_TIME
Salary
Category Telecommunications
Expires 2023-05-09
Posted at 1 year ago
Job Description
Supports Consumer Cellular and Information Security Governance and Compliance programs to include:


Information Security, PCI and SOC controls, gap analysis, maintenance, remediation, security awareness and secure coding techniques using a compliance framework.


Participate in the coordination and execution of the planning and performance of regular control activities, while working directly with the technical and business stakeholders. Interface with internal and external compliance and audit personnel to identify appropriate risk factors, assess the adequacy of existing controls and drive remediation of control weaknesses to ensure compliance requirements are met and maintained.


Assist in the implementation and management of a continuous monitoring and compliance program to reduce audit fatigue and gain efficiency. Collect, review, and maintain artifacts required for compliance activities in a secure internal repository. Collaborate with internal stakeholders on a regular cadence to discuss, collect, and review this information.


Assist in the selection and implementation of a formal GRC tool to help the organization accurately identify and manage risk in various areas (such as IT, assessment gaps, third-party risk, etc.).


Responsibilities


  • Monitor processes and system configurations to ensure compliance with internal policies and procedures. (continuous monitoring)
  • Work with control owners to ensure testability of existing controls and regularly validate that control activities are being performed according to schedule. (continuous monitoring)
  • Work with process owners to develop and implement controls which meet the control objectives
  • Assist in the performance and organization of a periodic user access review process
  • Support development of KPIs and KRIs to manage team performance and key risks that can impact organizational compliance and regulatory requirements.
  • Support the annual PCI Audit as liaison. Validate internal resources, conduct internal artifact collection, support technical interviews, and perform other support activities for this required audit with the required level of attention to detail to ensure successful completion on time and under budget.
  • Support efforts of status and performance reporting related to information security, compliance risk and controls effectiveness
  • Support efforts to identify risk to the business, quantify/rank risk so the initial impact is visible, work with internal stakeholders to identify ways to remediate/mitigate risk, and manage residual risk to acceptable limits using internal process and documenting in the risk registry.
  • Support the continuance of the company’s Information Security Compliance programs, including PCI and SOC, and other related compliance needs as identified
  • Maintain and, where necessary, write Information Security, Compliance, and Privacy policies and standards.
  • Assist in standardizing general controls, including those managed outside of IT.
  • Participate in the planning for disaster recovery and business continuity management programs
  • Support remediation processes to address control issues identified, including tracking and managing remediation action plans in a centralized location
  • Support Information Security Program growth and management
  • Drive Compliance and Privacy Awareness and training efforts throughout the organization
  • Lead internal projects and provide guidance/training to less experienced staff.
  • Assist in third-party assessments with external business partners and across assigned services resulting in certifications and attestations on time, within budget, while meeting key requirements
  • Proactively identify existing and emerging IT risks and report up to IT/IS Management


Preferred Qualifications And Experience


  • Experience and knowledge with information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
  • Hands-on experience with managing external compliance assessments such as SOC 1/2, ISO 27001, and PCI-DSS
  • Demonstrates accountability, leadership, and initiative in complex projects, team building, and other tasks as assigned.
  • Bachelor’s degree in Computer Science, Management Information Systems or related technical field.
  • Working knowledge of conducting Third Party Service Provider/Vendor risk assessments
  • Proficiency in IT Systems and understanding of Networking and Computer Information Systems.
  • Technical proficiency with security-related systems and applications, especially Firewalls, IDS/IPS, Vulnerability Assessment tools, Endpoint solutions, Proxy servers, Security Incident and Event Management Systems, Data protection mechanisms (such as FIM and DLP)
  • Minimum of 3 years of experience in IT or IS Governance, Risk & Compliance
  • Working knowledge and understanding of one or more compliance obligations such as SOC 1/2, ISO 27001, PCI-DSS, NIST 800-53
  • One of the following industry security certifications is required: CISA, CISM, CDPSE, CISSP, PCI-PCP, PCI-ISA, or PCI-QSA


Job Competencies


  • Well-organized and capable of tracking, managing, and resolving issues on multiple projects simultaneously.
  • Strong time and project management skills required.
  • Continuous learner.
  • Able to negotiate with peers and superiors to ensure the work gets done.
  • Excellent written and oral communication skills; ability to communicate at all levels in the organization (with senior management, with technical and business-oriented project staff, with users and stakeholders).
  • Ability to work effectively independently
  • Proficient skills and knowledge of servant leadership, facilitation, situational awareness, conflict resolution, continual improvement, empowerment, and increasing transparency.
  • Ability to gain the confidence of the team as well as Executive-level stakeholders by communicating regularly, keeping commitments and delivering as promised.
  • Ability to foster buy-in and cooperation through persuasion, influence, and persistence.
  • Self-motivated, professional, flexible, comfortable with ambiguity in a diverse organizational environment.


Primary Location: United States-Arizona-Scottsdale
Job: Information Technology
Schedule: Full-time
Shift: Day Job
Employee Status: Regular
Job Type: Standard
Job Level: Non-Management
Travel: Yes, 10 % of the Time
Job Posting: Feb 23, 2023