Senior Cybersecurity Compliance Specialist

About this position

• We are seeking a Senior Security Compliance Analyst to perform duties related to compliance certifications, continuous monitoring of controls and operational security administration, analysis of security-related incidents, vulnerabilities, and events that may affect our organization and its clients.

Key Responsibilities

• The successful candidate will provide compliance guidance to cloud security offering business units and product teams.
• Support internal and external ISO 27001/9001, SOC 2, SOC 1, and any new regional assessments requirements to support business growth.
• Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, cyber incident response).
• Maintain event collection environment through health monitoring and logs from firewalls, VPN, email protection, network analytics, access control cards system, and CCTV.
• Interact with various security products and platforms, including: O365, MimeCast, WorkspaceOne, Fortinet, cloud hosting providers (Azure, AWS), and others.
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts.
• Coordinate, track, and manage CEII compliance.
• Provide technical expertise and support to IT management and staff in the implementation of security/protection technologies and network systems/applications.
• Assist with penetration testing and vulnerability management efforts.
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process.
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises.
• Assist in risk management, vendor management, and governance of information security policies across the organization.
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure.
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness.
• Perform continuous monitoring of the controls including but not limited to:
• Track and monitor ISO and SOC 2, SOC 1, and overall common control framework, gather and review evidence.
• Vulnerability and hardening compliance scan monitoring, reporting, and reviews.
• Driving vulnerability remediations within prescribed timeframes.
• Inventory management and reporting.
• Vulnerability deviation request processing, tracking, and reviews.
• Plan of action and milestones (POA&M) updates and submissions.
• System security status reporting.
• Monthly continuous-monitoring metrics reporting.
• Compliance review of significant change requests.

Benefits

• We offer a competitive compensation package, excellent benefits, and opportunities for professional growth and development.

Requirements

• Candidate Requirements & Qualifications

• Minimum 6 years of related experience in compliance and information security.
• Well-versed in technologies like Windows, antivirus, data loss prevention (DLP).
• Must have experience in firewalls, cloud platforms, and content filtering solutions.
• Must have experience in creating and maintaining security policy documents.
• Good to have experience with regular vulnerability and web application scanning methodologies.
• Crisis management (incident management) identification and reporting.
• Network and cloud-based penetration testing experience required.
• Incident response experience and prepare relevant security metrics dashboards.
• 2-4 years' experience with firewall, network, antivirus, DLP, Azure, AWS, and desktop security administration.
• Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers).
• Familiarity with IDS/IPS systems and endpoint antivirus and EDR products.
• Insider threat hunting and analysis.
• 2 + years of professional experience focused on ITIL standards and practices.
• Knowledge of current security standards, including ISO 27001, ISO 9001, SOC2, SOC 1, FERC, CEII, GDPR.
• Ability to understand enterprise business computing operations/requirements, and cloud-based cybersecurity services.
• Working knowledge DevOps concepts (e.g., infrastructure as code, deployment pipelines).
• Must have a general hands-on IT background with the capability and enthusiasm of delving into new technologies.
• Must be willing to work in different time zones.
• Good communication, presentation, documentation skills.
• Collaborate closely with Cloud Ops, IT, and other functions as a first-line security point of contact within the GRC team.