Security Compliance Analyst

Join a team of the top 1%.

We believe in attracting and retaining the brightest technical minds from diverse backgrounds and nationalities to come together and create an enriched pool of global talent. Recognized as one of North America's fastest-growing companies, we aim to attract people who are passionate about technology and creating a real impact while working in collaborative environment with the latest technologies.

Our mission is to solve our client's most complex digital challenges by engaging the brightest of technical minds. We are looking for candidates who thrive in an innovative and collaborative environment who love solving problems and having fun while doing it. 

The Security Compliance Analyst is a member of the Global Security Compliance team in the Legal department and is a hands-on, support role of the corporate information security program. This includes ensuring compliance program, and security policy deliverables, are achieved. Also supports the security policies, processes, tools, and standards throughout the organization, through close association with the Global Information Security Group, Information Technology, Internal Audit, Legal, Human Resources, Data Privacy Officers, and other organizations within the corporation, as well as designated external partners.

All successful candidates will have two to three years of Security Operations experience. For the remaining years of experience, Candidates must have experience in handling complex tasks such as technical writing or security policy writing skills, as well as implementing policy, and issuing corrective actions. Candidate must have a strong background in technology, security, and must be highly adaptive. The candidate must also be highly collaborative, organized, analytical, and expected to partner and mentor with other teams effectively on an ongoing basis.

• Identifies policy and process gaps, or breaks, ensures proper segregation of duties, and documents approved exceptions.

• Participates in the drafting, updating, revising, and publication of security policies and other security materials.

• Develops, tests, documents, evaluates, tracks, and improves Security Compliance controls.

• Performs administrative control reviews and recommends remediation actions and alternative approaches to resolve conflicts.

• Identifies, collects, & organizes security incident and event data to produce exception and management reports.

• Supports continuous improvement by developing, operationalizing, and maintaining Security Compliance metrics & documentation. Also provides support for Security Compliance requests and incidents.

• Reviews technology platforms, including operating systems, applications, network devices, and vendors to ensure compliance with established best practices, organizational, and operational policies.

• Participates in Change Control and Release activities to ensure changes & deployments comply with security controls & policies.

• Maintains the Security Questionnaire database and responds to Security Questionnaires, as necessary.

• Prepares risk assessments for third- and fourth-party vendors to advise the business on relevant IT risks associated in using the vendor or technology.

• Must be willing to work nights/weekends/holidays as required.

• Strong conceptual thinking and communication skills - the ability to translate complex business and technical requirements into effective and comprehensible solutions.

• Ability to correlate disparate data sources to produce a complete picture, or view of an event, system, or environment (Connect the dots).

• Working knowledge of various regulations such as SOX, HIPAA, international data privacy regulations such as the European Union General Data Protection Regulation.

• Knowledge of NIST and ISO 27001 security practice frameworks, including Information Security Management Systems (ISMS).

• Knowledge of security controls (e.g., Firewalls, IDS/IPS, VPN, Web Content Filters, Proxies, DLP, SIEM, Log aggregation etc.) Operational experience with one or more common IT infrastructures (Telecom, database, Windows, Active Directory, LDAP, SMTP, DLP, and *NIX server systems, virtualization platforms)

• Working understanding of the Microsoft Office suite, including Access and Visio.

• The following are not essential, but are highly valued;

o SharePoint experience to maintain security sites associated with the Security Compliance Group

o Professional experience or knowledge of application or infrastructure penetration testing

o Basic working knowledge of scripting/programming languages (e.g. Python, PowerShell)

o Basic knowledge of cloud security controls and behaviors.

• Bachelor’s degree in computer science, or equivalent work experience required.

• Professional security management certification, such as an ISC(2) Systems Security Certified Practitioner (SCCP), SANS GIAC Information Security Professional (GISP) is a plus but not required.

EEO 

Accolite is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion or belief, color, ethnic or national origin, marital or domestic relationship, sexual orientation, gender identity, age, citizenship, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Accommodation

Accolite is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or accommodation due to a disability, you may contact us at NA.TalentAcquisition@accolitedigital.com.