Information Security Compliance Analyst
Information Security Compliance Engineer
**Looking for someone who has experience reviewing SOC 2 controls.**
Description: The Senior Information Security Compliance Analyst (SISCA) will be responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems comply with security standards. In carrying out these functions, the SISCA's responsibilities include the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks.
- Analyze management and technical controls to verify that specific security and compliance requirements are met, by reviewing documented processes, procedures and standards and validating that secure configurations are maintained.
- Map company requirements and regulatory requirements across the information security framework to identify overlapping requirements and compliance efficiencies.
- Track enterprise compliance across multiple security frameworks, including SOC 2, NIST standards and FISMA, and maintain up-to-date records of requirements and the corresponding mitigating controls.
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Monitor the company's change management process to ensure compliance.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
- Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
- Bachelor's degree in business (with IT audit or compliance experience) or in computer science (with business and IT audit or compliance experience) desired
- Knowledge and understanding of the FISMA, NIST and SOC 2 information security standards
- Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO highly desired
- Minimum five years' experience conducting security control assessments or audits
- Minimum two years' experience developing or managing a security awareness program
- SOC 2 audit experience from a major professional services firm highly desired
- At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISSAP) highly desired
- Strong oral and written communication skills
- Ability to maintain security documentation and manuals
- Must have strong analytical and critical-thinking skills
- High level of attention to detail; a self-starter with the ability to work independently, multi-task and adjust to shifting priorities