Junior Information Security Compliance Analyst Jobs

Provide recommendations for security improvements to management and senior IT staff.

Identify vulnerabilities within our systems, particularly focusing on CorVel systems.

A minimum of 1 year's experience in the security field, including security policy development.

Proficiency with Microsoft environments, with at least 5 years of experience.

Exceptional written and verbal communication skills.

Experience in communicating, planning, and implementing security recommendations.

Experience with project management and industry best practices

Prepare Incident Response documentation, IR Playbooks, KRI/KPIs, and other related items for Senior Management

Prepare formal and informal reports with security requirements on security incidents, system vulnerabilities, and ongoing compliance functions

Provide technical support to design, develop, engineer and implement security requirements for new and existing hardware, networks, and applications

3-5+ years of experience in a similar position

Strong communication skills. Ability to clearly and concisely articulate ideas, solutions, etc.

Some experience working on IT security controls and have knowledge of Information Security compliance and processes.

Has basic knowledge of Information Security standards and frameworks.

2-3 years of Microsoft Office skills on Word, Excel and PowerPoint.

Related IT securities licenses, industry and/or professional certifications is an advantage

Review and analyze compliance data and information for IT Systems security controls.

Assist on compliance tool implementation.

Assist in the management of customer relationships to collaborate on the assessment of system audit compliance-related risk.

Conduct security assessments and ensure system compliance with contingency planning requirements.

Experience with Microsoft Office, including Word, Visio, Excel, PowerPoint, and Teams.

Previous experience supporting a federal or state government agency preferred, especially the Veterans Affairs.

Knowledge of the Internet of Things and/or medical device Cybersecurity.

Knowledge of the VHA Handbook 1200, the VA Handbooks and Directives, data security, governance, and/or HIPAA.

5 years of working experience in access management, data analysis, and/or information security capacity

Experience with user provisioning and access management processes

Assist with daily operational activities and functions of the team to maintain policy, compliance, and risk management commitments

Understand technical implementation details for implementing access management and security controls.

Experience in information security concepts and applying them at scale

Experience working independently and collaboratively across various levels and teams

Manages and monitors PCI systems and the CDE (Cardholder Data Environment) Network

Provides comprehensive Monthly Security Report to Information Technology Manager

Familiar with information requirements and solutions using computer network and databases as related to IT processes.

Identifies and addresses security breaches by

Maintains secure digital infrastructure by monitoring current security alerts and by

Coordinates enterprise level security policies by

Supervised project management of assigned client projects ensuring proper information flow, leveled expectations and on time deliverables.

Maintaining working knowledge of Healthcare security/compliance federal, state laws/regulations and third-party standards; including but not limited to HIPAA, HITECH, and HITRUST.

Manage client expectations and facilitate client engagement through the course of assessment.

Must have basic foundational knowledge and understand output from systems such as Anti-malware, Encryption, vulnerability scans, etc.

Basic experience or understanding of report writing and delivery based on results of security assessments is required.

Bachelor's degree in CS / MIS or equivalent experience preferred

Experience working with SIEM technology to monitor and manage security events.

1+ years of experience working in a 24x7x365 SOC environment.

Experience utilizing enterprise security technologies such as SIEM/SOAR, NGAV/EDR, Vulnerability Scanners, and Threat Intelligence Platforms.

Experience and ability to use and follow Standard Operating Procedures (SOPs)

Demonstrated experience and understanding of event timeline analysis and correlation of events between log sources

Demonstrated experience of the underlying logs generated by operating systems (Linux/Windows), Network Security Devices, and other enterprise tools

Moderate understanding of security concepts, risk, and demonstrated communication skills

Resource MUST have solid communication skills, customer facing role

Demonstrated technical competence showing the capability of growing into a resource that can improve state defensive capabilities

We need a minimum of 2+Years hands on experience in the following.

Understand concepts behind technical tools to conduct assessments on the environment and play a role in processes

Ability to work autonomously and handle multiple assignments

Experienced professional who is able to work with limited guidance in a 100% remote environment

Strong knowledge of SOC2, HIPAA, GDPR compliance frameworks

Strong communication skills (written, verbal, and listening)

Must have 3+ years of IT security compliance experience

Keep up to date with SOC2, HIPAA, GDPR, US and EU laws to keep Axcient compliant.

Maintain company policies based on new needs or laws.

Knowledge, Skills, and Experience Requirements

Support the development and maintenance of the Global Information Security Management System (ISMS) Management Committee, including governance related responsibilities.

Information security or compliance experience with a proven ability to engage confidently with Senior Management and staff from all other departments.

A solid understanding and of data management plus data and information security, including working knowledge of latest trends and technologies.

Information security management qualifications or similar.

PCI DSS certifications or experience (PCIP, certified Quality Security Assessor)

Strong knowledge of NIST Risk Management Framework

Perform security assessments and review system security documentation based on FISMA and FedRAMP requirements

Maintain and manage the required systems security documentation on the Share-point Site:

Privacy Impact Assessments (PIA); Security Control Assessments (SCA) Certification

ATO / ATC certifications and re-certifications

Manage the Computer Security Awareness Training and Role-Based Training projects

·Solid organizational and time management skills

BA or BS degree or equivalent combination of relevant education and experience

·Provides Business Continuity Management Planning Services to financial, government and professional services clients, including:

oCustomization of Business Continuity Management Plans to client environments

oBusiness Continuity Management Plan Training

5+ years of work experience in technology risk, governance, compliance, information security, or cybersecurity

Strong analytical and problem-solving skills, with the ability to identify and mitigate information security risks

Excellent communication and interpersonal skills, with the ability to effectively communicate technical information to non-technical audiences

Participate in the identification and assessment of information security risks, and assist in the development and implementation of risk mitigation strategies.

Assist the Senior Information Security Compliance Analyst in other related duties as assigned.

Familiarity with industry best practices for information security compliance, such as ISO 27001 and NIST Cybersecurity Framework

About The University At Buffalo