Sr. Information Security & Compliance Analyst

Company

Lifelong Learner Holdings

Address United States
Employment type FULL_TIME
Salary
Category Human Resources Services
Expires 2023-06-01
Posted at 1 year ago
Job Description

Title: Senior Information Security and Compliance Analyst

Location: US Remote

At Lifelong Learner Holdings (proud parent company of PSI Services & Talogy), our mission is to help people meet their potential. That is our core purpose, enabling our vision to empower people in their careers and drive organizational success. We achieve this by being the leading global workforce solutions provider that fuses science, technology, and expertise to deliver best-in-class testing, assessment and development products and services.

LLH’s culture is as strong as the people who embody our core values. These include our drive to work together as one team, to be dependable in our pursuit of rigor and excellence, to value people and respect everyone’s talents, to embrace diversity in perspectives and culture, and to think creatively with the willingness to experiment.

Learn more about what we do at: http://www.psionline.com

About the Role

The Senior Analyst, Security and Compliance leads work on our expanding security and privacy practices as well as our governance, risk, and compliance (GRC) activities. As part of the Information Security & Compliance Office, this role works closely with the Legal, Infrastructure Security, Privacy, Compliance, Information Technology, and product teams to ensure that data security and privacy best practices are incorporated into our products and process and to ensure that the company is meeting our global data security and privacy compliance obligations. The role will contribute to the Information Security & Compliance Office which owns the Global Privacy and Governance Programs, sets the strategy, and sets requirements for compliance and security with the contract and implementation life cycle.

This is a full time, permanent position, Monday to Friday with flexible hours around a standard 0900-1700. The role can be performed remotely, with occasional travel to offices and test centers required to support with audits.

Role Responsibilities

  • Raise privacy awareness and acumen to promote and develop awareness of risks and best practice across the company.
  • Provide guidance and support on NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF) to help ensure compliance with the Federal Information Security Management Act (FISMA). Facilitate and manage security and compliance related assessments conducted by third parties.
  • Support, and in some cases lead on, various GRC capability areas such as enterprise security risk management, compliance management, policy management, SOC 2 certifications, PCI standards and certification, ISO certifications (27001, 14000, 9000 and 20000), NIST CSF.
  • Maintain visibility into corporate privacy issues, including US and international privacy laws and regulations and their impacts on PSI’s businesses.
  • Work with Legal and Sales teams to identify risks and issues in line with business needs and timescales to support Sales teams in acquiring new business.
  • Provide and support the updates of assessment and authorization documentation required for Authority To Operate (ATO) (e.g., System Security Plan (SSP), Information Continuity Plan (ISCP), System Characterization Document (SCD), Plan of Actions and Milestones (POAM) documents).
  • Complete RFP/RFI, MSAs, SOWs and Security Questionnaire responses to security, privacy and compliance requirements.
  • Support supplier management program activities related to supplier’s information security, risk and compliance status.
  • Identify and manage gaps related to security, privacy and compliance and other tasks to support ensuring the group’s underlying data and information security processes, infrastructure and measures are fit for purpose and scaled to deliver an appropriate level of protection.
  • Support the team in maintaining compliance with the EU General Data Protection Regulation and global privacy regulations.
  • Collaborate with Information Security, Compliance, and IT teams to build a rinse and repeat approach when dealing with PSI controls and responses to client requests.
  • Support the development, documentation and maintenance of policies, procedures, and standards and other regulatory compliance across the organization ranging from Information Security & Data Protection to Quality Management and Environmental.
  • Support the implementation and business use of GRC operating model and service-oriented customer engagement model.
  • Work with various operational and business teams to identify and drive remedial action activity items, such as risks, remediation plans and continual improvements, to closure.
  • Identify and manage gaps related to security and compliance and other tasks to support ensuring PSI’s underlying data and information security processes, infrastructure and measures are fit for purpose and scaled to deliver an appropriate level of protection.
  • Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments and other requests from the business.
  • Act as a security, privacy and compliance Subject Matter Expert (SME) and main point of contact and serve in a security and compliance advisory role supporting internal and external customers and providing guidance to stakeholders.

Knowledge, Skills, and Experience Requirements

  • Experience managing projects and influencing across a range of business functions and seniorities.
  • Experience in a fast-paced GRC/ISO function (desirable).
  • US Citizen (preferred)
  • Have PCI experience or current certifications, PCIP, certified QSA (desired)
  • Experience in working on ISO 27001 certification exercises – from gap analysis, design, implementation to mock audits.
  • Experience driving improvements to process and enhancing efficiency.
  • Good technical writing skills and proven history of working on contracts and client projects.
  • Demonstrable experience on the ability to lead projects/engagements, showing independence and effective team working.
  • Holds an active security clearance (desired)
  • A solid understanding and demonstrable experience of data management plus data and information security, including working knowledge of latest trends and technologies.
  • Operational experience of business continuity and disaster recovery processes.
  • Experience in cloud technologies (desired)
  • Experience of developing and maintaining business processes.
  • Knowledge of the laws, regulations, and standards relating to enterprise security risk management, compliance management, policy management, ISO certifications, SOC 2 certification, PCI, NIST 800-53.
  • IT security or information security experience with a proven ability to engage with Senior Management and regulators.
  • Skills in Microsoft Office software.
  • Audit and compliance experience in leading, managing or supporting third party security related audits and assessments.
  • Holds current security, privacy and risk certifications, i.e., CISSP, CRISC, CISA, CISM, CSX-P, CDPSE, CGEIT, CIPP (desired)
  • Someone who enjoys responsibility and solving problems, is willing to go the extra mile to get things done, and is passionate about what they do.
  • Consultancy experience and/or demonstrable experience of providing support to various teams and stakeholders.
  • Experience working within, achieving and/or maintaining SOC 2 certification and ISO standards such as ISO 27001, 9001, 14001 and 20000 (essential).

Benefits

Lifelong Learner Holdings offers a competitive and comprehensive benefits package inclusive of:

  • Medical, Dental, Vision, Life, and Short and Long-Term Disability Insurance
  • 401k plan with company match
  • Flexible Spending Accounts
  • Generous PTO and Holiday Pay

Expressing an interest in employing your time and talent with PSI is paying us the ultimate compliment. We sincerely appreciate your interest!