
Information Security Compliance Analyst

  • Full Time, onsite
  • Goahead Solutions
  • Hybrid: onsite for the 1st week of training, United States of America
Salary undisclosed


Seeking an Information Security Compliance Analyst to lead the internal staff in the implementation & execution of technical aspects of an enterprise security plan. Will be the SME on security issues/projects so that team members can increase their security knowledge. Looking for a fast learner who can get up to speed on domain knowledge quickly.

Duration: 12 months
Work locations: San Diego (onsite for 2 days of training, remote onward)
****Must currently reside in California and be able to work on our W2****

Deliverables/duties:
-Conduct the most complex Risk Assessments (RAs)
-Provide in-depth security knowledge & consultation when analyzing security risks (e.g., analyzing security related reports, evaluating security risks impacting & making recommendations to all programs).
-Develop & maintain security policies and standards based on security framework and industry standards including the identification of risk rating for each security control.
-Train/mentor new/existing ESEC group members on RAs/BRDs/TDDs/security defects (e.g., identify applicable security risks and mitigating controls; review for adherence to the system engineering handbook/security-policies & standards).
-Develop/maintain procedures (e.g., RA/BRD/TDD/security defects)
-Perform analysis on the most complex Security Incident Response (SIR) tickets as needed
-Attend meetings/represent information security for all security matters
-Act as lead/co-lead/backup on assigned information security projects
-Provide skills enhancement at a satisfactory rate & report any issues that may impede the progress of training and mentoring.
-Provide input to contract executives to develop training and mentoring plans to include specific skill sets, tasks, and training methodologies.
-Execute the training and mentoring plan(s) with internal employees and provide input to refine and further develop training and mentoring plans as training progresses.
-Meet & discuss progress of training of internal employees monthly.
-Document a training plan on the mentoring & skill enhancement planner and monitor progress of training & mentoring with internal employee(s).

Technical working exp./skills:
At least 5 yrs. of information security exp. and at least 2 yrs. of lead/management exp. performing a variety of progressively responsible technical & analytical work.

At least 5yrs of information security practice exp:
-Technical security project management skills.
-Working exp. using best practices standards and frameworks: ISO 27001/27002; PCI DSS v4; GLBA; HIPAA/HITECH; NIST 800-53; CIS Controls; NIST CSF; CIS RAM
-Hardware: Network switches, routers, load balancers, servers, storage systems, end-user systems, mobile devices, or other devices that enable the organization to complete its mission
-Operating Systems: Unix, Linux, Windows
-Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ
-Network protocols such as: TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, SAMBA
-Databases: Oracle, SQL, MySQL
-Cloud platforms: IaaS, PaaS, SaaS
-Security concepts such as: Encryption or Hardening
-Security: GRC
-Active Directory
-Programming languages are a plus

Professional skills:
-Strong analytical and critical thinking skills
-Excellent written and oral communication skills to effectively communicate across all levels of the organization
-Proven ability to present to a senior management & executive level audience
-Working experience of security, policy compliance & governance framework including: NIST-800 series, PCI, ISO 27001/27002, ITIL & COBIT
-Expert knowledge in security project management practices
-Self-motivated/self-starter/proactive, working closely & actively communicating with team members to accomplish time critical tasks & deliverables
-Working experience in a highly regulated environment, managing information risks and expectations across multiple stakeholder groups. Working experience of emergent security risks.
-Convey and explain complex problems and solutions in an understandable language to both technical and non-technical people.
-Think creatively & critically, analyzing complex problems, weighing multiple solutions, & carefully selecting solutions appropriate to the business needs, project scope, and available resources
-Take responsibility for the integrity of the solution
-Ability to be a strategic thinker
-Demonstrated ability to influence others
-Exp. managing multiple projects
-At least 5yrs of information security exp.
-CISA, CISM, and/or CISSP certification is required.
