Information Security & Compliance Analyst

Title: Information Security and Compliance Analyst

Location: US Remote

At Lifelong Learner Holdings (proud parent company of PSI Services & Talogy), our mission is to help people meet their potential. That is our core purpose, enabling our vision to empower people in their careers and drive organizational success. We achieve this by being the leading global workforce solutions provider that fuses science, technology, and expertise to deliver best-in-class testing, assessment and development products and services.

LLH’s culture is as strong as the people who embody our core values. These include our drive to work together as one team, to be dependable in our pursuit of rigor and excellence, to value people and respect everyone’s talents, to embrace diversity in perspectives and culture, and to think creatively with the willingness to experiment.

Learn more about what we do at: http://www.psionline.com

About the Role

The Information Security and Compliance Analyst role works collaboratively with stakeholders across the business on various activities related to quality, environment, governance, risk, data security, privacy and compliance, with the aim of enabling Lifelong Learner and its subsidiaries to comply with SOC, NIST, ISO, PCI and other industry standard frameworks.

This is a full time, permanent position, Monday to Friday with flexible hours around a standard 0900-1700. The role can be performed remotely, with occasional travel to offices and test centres required to support with audits.

Role Responsibilities

• Support the continuation of SOC 2, ISO 27001, ISO 9001, ISO 14001, and ISO 20000 certifications.
• Perform IT and security risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business.
• Be a Security and Compliance Champion in promoting and developing awareness of different security and compliance risks and best practices across the company.
• Assist with the development of Governance, Risk, and Compliance (GRC) related newsletters and training.
• Maintain a close relationship with the providers of any outsourced contracts for services such as annual audits or other 3rd party contracts.
• Identify and report on gaps related to security and compliance and other tasks to support the group’s underlying data and information security processes, infrastructure and ensuring measures are fit for purpose and scaled to deliver an appropriate level of protection. working with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure
• Support the development, documentation and maintenance of policies, procedures, and standards across the organization, ranging from Information Security and Data Protection to Quality Management and Environmental Management.
• Drive remediation activities from identification, remediation plan and closure. Hold owners accountable to delivery of remediation solution within the agreed upon/reasonable SLA.
• Support the development and maintenance of the Global Information Security Management System (ISMS) Management Committee, including governance related responsibilities.
• Provide guidance and support on NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF) to help ensure compliance with Federal information Security Management Act (FISMA). Facilitate and manage security and compliance related assessments conducted by third parties.

Knowledge, Skills, and Experience Requirements

• Information security management qualifications or similar.
• Information security or compliance experience with a proven ability to engage confidently with Senior Management and staff from all other departments.
• Holds current Security, privacy and risk certifications such as CISSP, CRISC, CISA, CISM, CSX-P, CDPSE, CGEIT, CIPP (desired)
• Holds an active security clearance (desired)
• Experience in cloud technologies (desired)
• A solid understanding and of data management plus data and information security, including working knowledge of latest trends and technologies.
• US Citizen (preferred)
• Experience working in security standards and assessments including gathering evidence for audits and gap analysis.
• Consultancy experience and/or demonstratable experience of providing support to various teams and stakeholders.
• Governance experience – organizing meetings/training, writing agendas, taking minutes, managing action logs.
• Experience working on Microsoft Office products and can learn new systems quickly.
• Bachelor’s Degree, Information Systems, Computer Science, Information Security or similar.
• Knowledge of the laws, regulations, and standards relating to enterprise security risk management, compliance management, policy management, certifications (SOC 2, PCI, ISO 27001, 14000, 9000 and 20000, NIST 800-53)
• Experience working alongside an Agile software development, SCRUM environment (desired)
• Someone who is highly organized, reliable, flexible and has exceptional attention to detail.
• PCI DSS certifications or experience (PCIP, certified Quality Security Assessor)

Benefits

PSI offers a competitive and comprehensive benefits package inclusive of:

Medical, Dental, Vision, Life, and Short and Long-Term Disability Insurance

• 401k plan with company match
• Flexible Spending Accounts
• Generous PTO and Holiday Pay

Expressing an interest in employing your time and talent with PSI is paying us the ultimate compliment. We sincerely appreciate your interest!