Chief Compliance and Security Professional

About the Position

As a critical component of our organization's cybersecurity framework, we are seeking a seasoned Senior Security Compliance Analyst to spearhead duties related to compliance certifications, continuous monitoring of controls and operational security administration, analysis of security-related incidents, vulnerabilities and events that may affect our business and its clients.

• The ideal candidate will possess a minimum of 6 years of relevant experience in Compliance and information security.
• They must be well-versed in technologies like Windows, Antivirus, Data Loss Prevention (DLP).
• Experience in Firewalls, Cloud platforms and content filtering solutions is also essential.
• Proficiency in creating and maintaining security policy documents is required.
• A strong background in regular vulnerability and web application scanning methodologies is a plus.
• Crisis management (Incident Management) identification and reporting skills are crucial.
• Network and cloud-based penetration testing experience is necessary.
• Incident response expertise and ability to prepare relevant security metrics dashboards are vital.
• 2-4 years' experience with Firewall, Network, Anti-Virus, DLP, Azure, AWS, and Desktop security administration is required.
• Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers) is essential.
• Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products is required.
• Insider Threat Hunting and Analysis expertise is necessary.
• 2 + years of professional experience focused on ITIL standards and practices is required.
• Knowledge of current security standards, including ISO 27001, ISO 9001, SOC2, SOC 1, FERC, CEII, GDPR, is necessary.
• Ability to understand enterprise business computing operations/requirements and cloud-based cybersecurity services is essential.
• Working knowledge of DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines) is a plus.
• Must have a general hands-on IT background with the capability and enthusiasm of delving into new technologies.
• Must be willing to work in different time zones.
• Good communication, presentation, documentation skills are required.

Key Responsibilities:

• Provide compliance guidance to cloud security offering business units and product teams.
• Support Internal/External ISO 27001/9001, SOC 2, SOC 1 and any new regional assessments requirements to support business growth.
• Work effectively as part of a geographically distributed team.
• Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, Cyber Incidence response).
• Maintain event collection environment through health monitoring and logs from Fire Walls, VPN, Email protection, Network Analytics, access control cards system and CCTV.
• Interact with various security products and platforms, including: O365, MimeCast, WorkspaceOne, Fortinet, Cloud Hosting Providers (Azure, AWS) and others.
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts.
• Provide hands on based input of vendor proposals and emerging security technologies and systems.
• Coordinate, track and Manage CEII compliance.
• Provide technical expertise and support to IT management and staff in the implementation of security/protection technologies and network systems/applications.
• Assist with penetration testing and vulnerability management efforts.
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process.
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises.
• Assist in Risk Management, Vendor Management, and governance of Information Security policies across the company.
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure.
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness.
• Perform continuous monitoring of the controls including but not limited to:
• Track and Monitor ISO and SOC 2, SOC 1 and overall common control framework, gather and review evidences.
• Vulnerability and hardening compliance scan monitoring, reporting and reviews.
• Driving vulnerability remediations within prescribed timeframes.
• Inventory management and reporting.
• Vulnerability deviation request processing, tracking and reviews.
• Plan of Action & Milestones (POA&M) updates and submissions.
• System Security Status reporting.
• Monthly Continuous-Monitoring Metrics reporting.
• Compliance review of Significant change requests.

Desired Skills:

• Good to have experience with regular vulnerability and web application scanning methodologies.
• Project Management knowledge and experience are a strong plus.

To support you in being the best version of yourself during the application and interview process, please let us know if you have any specific requirements.