We are seeking an IT Compliance Analyst to lead and support compliance program initiatives. This position requires strong compliance experience, strong technical expertise (including technology and data security), proactive problem-solving skills, and the ability to work in a fast-paced environment to ensure systems and data meet internal and external regulatory requirements. This position will report to the SR Information Security Manager (Governance, Risk, and Compliance).
Required Experience (5+ years):
Experience conducting security compliance and assessments in highly regulated industries like finance, healthcare, or government.
Experience leading access reviews for on-prem and cloud applications to ensure appropriate access.
Experience and proficiency in conducting user access reviews and implementing and delivering effective mitigation strategies to ensure the safety and security of systems and operations.
Experience with development and improvement of access review methodology for ongoing compliance efforts.
Experience with ensuring compliance with Board policies and SOPs through periodic access reviews.
Experience with regular review, testing, and reporting on the effectiveness of logical security controls.
Experience with technical recovery solutions and system restoration proficiency.
Experience with industry standards compliance and regulatory requirements.
Experience and proficiency in Security Compliance and Regulatory Concepts, exemplified by a comprehensive understanding of relevant laws, regulations, and industry standards.
In-depth understanding of governance, risk and compliance (GRC) in the realm of information security principles and best practices.
Experience analyzing security controls and compliance measures with meticulous attention to detail, especially in addressing audit findings, and implementing compensating control where appropriate.
Experience with regulatory frameworks such as GDPR, HIPAA, PCI DSS, or ISO 27001.
Experience and extensive knowledge of best practices and industry standards such as NIST SP 800-53, and the Center for Information Security (CIS) Benchmarks.
Experience demonstrating adaptability to new technologies and changing security landscapes.
Experience demonstrating commitment to continuous learning in disaster recovery concepts.
Experience with cross-functional collaboration with business units and IT.
Experience demonstrating strong problem-solving, troubleshooting, and effective communication skills for technical and non-technical audiences.
Preferred Education/Certification
Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
Advanced certifications like Certified Information System Security Specialist (CISSP), Certified Information Security Auditor (CISA), or Certified Information Security Manager (CISM).
Required Education
Bachelor's degree in Computer Science, Information Technology, or a related field,
Equivalent work experience may replace a Bachelor's degree.
Responsibilities
Lead internal, vendor-managed, and cloud-hosted application access reviews to ensure access appropriateness.
Develop, maintain, and improve access review methodology.
Work with business units, control owners, and IT support staff to remediate access where deficiencies are identified.
Ensure compliance with the applicable Board policies and Standard Operating Procedures per periodic access reviews.
Identify manual security compliance controls that can be improved through automation and design and/or work with internal teams for said automation.
Recommend new security compliance metrics and automate reporting of existing metrics.
Actively review, test, analyze and report on the effectiveness and state of all required logical security controls.
Present data, metrics, and other findings to key internal stakeholders.
Seniority level
Associate
Employment type
Contract
Job function
Information Technology
Industries
IT Services and IT Consulting
Referrals increase your chances of interviewing at MANDO TECHNOLOGIES INC by 2x