Compliance Security Analyst Jobs

Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Mature and manage vendor management program.

Drive the compliance program to meet customer requirements/mandates, specifically compliance with NIST SP 800-171, ISO 27001, and SOC 2.

Recommend cybersecurity software tools and assist in the development of software tool requirements and selection criteria.

At least one cyber security certification (CISSP, CCSP, CISA, CRISC, CMMC RP).

Extensive audit experience – conducting internal audits, managing third-party audits, or previous infosec auditor.

Some experience working on IT security controls and have knowledge of Information Security compliance and processes.

Has basic knowledge of Information Security standards and frameworks.

2-3 years of Microsoft Office skills on Word, Excel and PowerPoint.

Related IT securities licenses, industry and/or professional certifications is an advantage

Review and analyze compliance data and information for IT Systems security controls.

Assist on compliance tool implementation.

Knowledge or experience with container management tools such as Docker, Amazon ECS, Kubernetes or equivalent implementations

Knowledge or experience in working with and/or managing vulnerability scanners such as, Tenable, Prisma, Burp Suite, etc..

Validate and drive vulnerability remediation of discovered vulnerabilities

Develop technical knowledge of control implementation

Communicate requirements effectively to internal and external stakeholders

B.S or M.S in Computer Science, Cybersecurity or Information Security, or relevant experience.

Documents credentials in an organized fashion for efficient retrieval in Marriott approved password Management tool.

High school diploma or GED; 2-4 years’ experience in Information Technology or related professional area. OR

2-year degree from an accredited university in Business Administration, Information Technology, or related major; 2 years’ experience or related professional area.

Equivalent work experience, preferably within the hospitality industry at a major hotel chain, in like Information Technology positions.

Demonstrated ability to manage multiple priorities.

Experience with supporting the Opera PMS application and its related services and interfaces

5 years of working experience in access management, data analysis, and/or information security capacity

Experience with user provisioning and access management processes

Assist with daily operational activities and functions of the team to maintain policy, compliance, and risk management commitments

Understand technical implementation details for implementing access management and security controls.

Experience in information security concepts and applying them at scale

Experience working independently and collaboratively across various levels and teams

Supervised project management of assigned client projects ensuring proper information flow, leveled expectations and on time deliverables.

Maintaining working knowledge of Healthcare security/compliance federal, state laws/regulations and third-party standards; including but not limited to HIPAA, HITECH, and HITRUST.

Manage client expectations and facilitate client engagement through the course of assessment.

Must have basic foundational knowledge and understand output from systems such as Anti-malware, Encryption, vulnerability scans, etc.

Basic experience or understanding of report writing and delivery based on results of security assessments is required.

Bachelor's degree in CS / MIS or equivalent experience preferred

Experienced professional who is able to work with limited guidance in a 100% remote environment

Strong knowledge of SOC2, HIPAA, GDPR compliance frameworks

Strong communication skills (written, verbal, and listening)

Must have 3+ years of IT security compliance experience

Keep up to date with SOC2, HIPAA, GDPR, US and EU laws to keep Axcient compliant.

Maintain company policies based on new needs or laws.

Knowledge, Skills, and Experience Requirements

Support the development and maintenance of the Global Information Security Management System (ISMS) Management Committee, including governance related responsibilities.

Information security or compliance experience with a proven ability to engage confidently with Senior Management and staff from all other departments.

A solid understanding and of data management plus data and information security, including working knowledge of latest trends and technologies.

Information security management qualifications or similar.

PCI DSS certifications or experience (PCIP, certified Quality Security Assessor)

- Experience with security monitoring tools, SIEM platforms, log management systems, and vulnerability scanning tools.

- Provide recommendations and guidance to stakeholders on security best practices, risk mitigation strategies, and compliance requirements.

- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).

- Strong knowledge of security frameworks, industry standards, and regulations (e.g., NIST, ISO 27001, PCI-DSS, HIPAA).

- Knowledge of cloud security principles and best practices (AWS, Azure, etc.).

- Relevant certifications such as CISSP, CISM, CEH, or GIAC certifications are highly desirable.

Perform compliance monitoring to identify potential vulnerabilities

Bachelor's Degree in Computer Science, Information System or related fields (or equivalent experience)

3-5 or more years of related work experience.

Ability to effectively prioritize responsibilities with minimum supervision

Excellent verbal and written communications skills

Experience with common computer forensic reporting tools (vulnerability scans, antivirus, GRC tools

Strong knowledge of NIST Risk Management Framework

Perform security assessments and review system security documentation based on FISMA and FedRAMP requirements

Maintain and manage the required systems security documentation on the Share-point Site:

Privacy Impact Assessments (PIA); Security Control Assessments (SCA) Certification

ATO / ATC certifications and re-certifications

Manage the Computer Security Awareness Training and Role-Based Training projects

Strong knowledge of NIST Risk Management Framework

Perform security assessments and review system security documentation based on FISMA and FedRAMP requirements

Maintain and manage the required systems security documentation on the Share-point Site:

Privacy Impact Assessments (PIA); Security Control Assessments (SCA) Certification

ATO / ATC certifications and re-certifications

Manage the Computer Security Awareness Training and Role-Based Training projects

·Solid organizational and time management skills

BA or BS degree or equivalent combination of relevant education and experience

·Provides Business Continuity Management Planning Services to financial, government and professional services clients, including:

oCustomization of Business Continuity Management Plans to client environments

oBusiness Continuity Management Plan Training

5+ years of work experience in technology risk, governance, compliance, information security, or cybersecurity

· Excellent interpersonal and collaboration skills, team player, approachable, professionally mature, relationship management and consulting skills

· Basic project management skills

· Assist with preparing reports for management and control owners on the effectiveness of their control environment.

· Maintain knowledge of overall business issues and objectives, understand company structure and functional responsibility.

· Proven ability to manage tasks fully from inception to completion

· Bachelor’s degree in information technology, information security, accounting, or related field or equivalent experience

Strong technical knowledge in SDLC and software/firmware change management

Partner and coordinate with security teams, external auditors, management, and other testing groups to best address relevant risks to Tesla.

Fundamental understanding of vehicle software, OTA updates, fleet management.

5-8 years of professional Cybersecurity, IT Risk and Compliance, and audit experience

Experience in technical audit methodology (to be able to handle external auditors and regulators) is a must.

Experience implementing security frameworks, such as SOC 2, ISO 27001, UNCE R155/R156, ISO 21434.

Minimum 4 years in IT related roles; 2 years of Information Security and related audit experience required.

Cloud security familiarity and/or experience,

Knowledge of common security tools; GRC-ISMS, SIEM, scan (vulns, configs, software, endpoint).

Experience using common enterprise tools such as Jira, Servicenow, G-Suite, Workday, Slack.

Cloud compliance experience for security and privacy.

Conduct and document security compliance assessments based on a variety of standards.

4 years of management experience

Have 8 years of management experience

Coordinating change management and company-wide announcements

Formal certifications or education credentials

Have experience in all four areas of security, privacy, compliance, and engineering

Have experience supporting medium or large tech organizations

Works with internal teams to properly communicate audit requirements and gather necessary evidence for TradeCentric to successfully pass its audit

Assists Information Security Manager with updating and documenting changes to information security policies, procedures and internal standards

Four plus years of prior compliance experience

Hands on Information Security and/or security compliance experience with Information Security standards, technology and monitoring

Ability to manage demands of internal and external customers and auditors through phone, email and process requests

Auditing or leading experience responding to audits against control frameworks

Support activities pertaining to risk management; execution of the risk strategy inclusive of identification, tracking, and participation within treatment activities.

Working knowledge of common audit and compliance tools. Experience with a GRC tool is a plus.

Couple of years experience in security governance, risk, and compliance or related.

Strong experience responding to client/customer security inquires.

Demonstrable knowledge in the assessment of third-party suppliers.

Strong analytical thinking, written, and oral communication skills.

Support activities pertaining to risk management; execution of the risk strategy inclusive of identification, tracking, and participation within treatment activities.

Working knowledge of common audit and compliance tools. Experience with a GRC tool is a plus.

Couple of years experience in security governance, risk, and compliance or related.

Strong experience responding to client/customer security inquires.

Demonstrable knowledge in the assessment of third-party suppliers.

Strong analytical thinking, written, and oral communication skills.