Senior Security Compliance Analyst

This job requires a skilled security compliance specialist to perform duties related to compliance certifications, continuous monitoring of controls and operational security administration, analysis of security-related incidents, vulnerabilities, and events that may affect the organization and its clients.

• Provide guidance on compliance requirements to cloud security offering business units and product teams.
• Support internal/external ISO 27001/9001, SOC 2, SOC 1, and any new regional assessments requirements to support business growth.
• Work effectively as part of a geographically distributed team.
• Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, Cyber Incident response).
• Maintain event collection environment through health monitoring and logs from Fire Walls, VPN, Email protection, Network Analytics, access control cards system, and CCTV.
• Interact with various security products and platforms, including O365, MimeCast, WorkspaceOne, Fortinet, Cloud Hosting Providers (Azure, AWS), and others.
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts.
• Provide hands-on based input of vendor proposals and emerging security technologies and systems.
• Coordinate, track, and Manage CEII compliance.
• Provide technical expertise and support to IT management and staff in the implementation of security/protection technologies and network systems/applications.
• Assist with penetration testing and vulnerability management efforts.
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process.
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises.
• Assist in Risk Management, Vendor Management, and governance of Information Security policies across the organization.
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure.
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness.
• Perform continuous monitoring of the controls including but not limited to:
• Track and Monitor ISO and SOC 2, SOC 1, and overall common control framework, gather and review evidences.
• Vulnerability and hardening compliance scan monitoring, reporting, and reviews.
• Driving vulnerability remediations within prescribed timeframes.
• Inventory management and reporting.
• Vulnerability deviation request processing, tracking, and reviews.
• Plan of Action & Milestones (POA&M) updates and submissions.
• System Security Status reporting.
• Monthly Continuous-Monitoring Metrics reporting.
• Compliance review of Significant change requests.

Requirements:

• Minimum 6 years of related experience in Compliance and information security.
• Well-versed in technologies like Windows, Antivirus, Data loss prevention (DLP).
• Must have experience in Firewalls, Cloud platforms, and content filtering solutions.
• Must have experience in creating and maintaining security policy documents.
• Good to have experience with regular vulnerability and web application scanning methodologies.
• Crisis management (Incident Management) identification and reporting.
• Network and cloud-based penetration testing experience required.
• Incident response experience and prepare relevant security metrics dashboards.
• 2-4 years' experience with Firewall, Network, Anti-Virus, DLP, Azure, AWS, and Desktop security administration.
• Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers).
• Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products.
• Insider Threat Hunting and Analysis.
• 2 + years of professional experience focused on ITIL standards and practices.
• Knowledge of current security standards, including ISO 27001, ISO 9001, SOC2, SOC 1, FERC, CEII, GDPR.
• Ability to understand enterprise business computing operations/requirements, and cloud-based cybersecurity services.
• Working knowledge DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines).
• Must have a general hands-on IT background with the capability and enthusiasm of delving into new technologies.
• Must be willing to work in different time zones.
• Good communication, presentation, documentation skills.
• Collaborate closely with Cloud Ops, IT, and other functions as a first-line security point of contact within the GRC team.

Benefits:

• Opportunity to work with a geographically distributed team.
• Chance to develop and maintain security operations processes & documentation.
• Experience with various security products and platforms.
• Hands-on based input of vendor proposals and emerging security technologies and systems.
• Training and development opportunities.

Others:

• Good communication and teamwork skills.
• Professional certification in security or related field (e.g. CISSP, CISM).
• Background check required.