Job Description
We are looking for an IT Risk and Compliance Analyst for a large insurance company located in Sacramento. The candidate is responsible for maintaining the existing IT General Controls (ITGC) testing program, protecting company information and technology assets, and ensuring the company is in compliance with security policies, standards, and procedures.
Responsibilities:
SECURITY SYSTEM ASSESSMENTS:
- Conduct ongoing risk assessments of the IT systems to identify weaknesses or vulnerabilities that could result in unauthorized access or pose a threat to IT systems.
- Develop and draft recommendations for mitigating or reducing identified risks.
- Provide technical expertise for preparing information and reports on information security issues and help develop policies and procedures.
- Work with IT staff to obtain the evidence required for IT audits, to assure that the actual results align with the expected results. Re-test corrected issues to ensure that deficiencies were addressed effectively and as expected.
- SOC 2 Auditing Process Involvement: Actively participate in the SOC 2 auditing process, aiding in preparation, execution, and post-audit activities.
SECURITY MONITORING:
- Monitor IT systems for security violations and other suspicious network activity that poses a risk to the company network and information resources.
- Monitor and detect irregular network activity, viruses, and other malware.
- Ensure that all computers (endpoints) are compliant with security requirements by conducting periodic network scans on computers connected to the network.
- Scan websites to identify critical vulnerabilities and misconfigurations that could expose networks and applications to harm.
- Report on anomalies and make recommendations for corrective action.
- Monitor the email filtering application to identify emails that contain confidential information and review the quarantined emails for policy violations.
- Prepare information security-related reports and other information as needed for management.
SECURITY INCIDENTS:
- Investigate information security incidents and violations, including unauthorized use or disclosure of confidential information.
- Conduct computer forensic analysis and document the root cause analysis and remediation of security events.
- Present findings to upper-level staff & management and perform other security-related duties as assigned.
Requirements:
- Bachelor's degree in Computer Science, IT, or related field is preferred.
- 5+ years of experience with IT security audits, best practices, and standards.
- Knowledge of audit frameworks and compliance standards, such as COBIT, NIST, and SOC 2, is a plus.
- Excellent Microsoft Suite experience, specifically Word, Excel, Visio, Outlook, and SharePoint.
- Strong analytical and problem-solving skills to identify and address compliance issues.
- Attention to detail to ensure accurate and thorough analysis.
- Ability to document and maintain comprehensive records of compliance tests and assessments.
- Effective communication skills, both written and verbal, to articulate findings, recommendations, and reports.