Information Security Compliance Analyst (REMOTE)

Tech Talent Link

Position Overview
The Sr. Information Security GRC Analyst will assist with efforts for managing information security compliance and risk across the company’s lines of business. The analyst will be responsible for ongoing security and compliance assurance to regulations and standards, and the identification and assessment of information risk.

***We are unable to work with 3rd-party or corp-to-corp candidates for this position***
This position is 100% remote

Responsibilities

  • Keep up-to-date and provide expert advice on cybersecurity compliance trends, risks, and industry recommended practices
  • Drive toward and facilitate maintenance of SOC2 and ISO 27001 certification
  • Perform assessments and drive efforts to maintain HIPAA security, PCI DSS, and 21 CFR Part 11 compliance
  • Assist Sales and Support during pre-sales, contract negotiations, and ongoing client relationship management by facilitating the completion of customer security questionnaires
  • Lead engagements with external auditors and customer led security audits that evaluate data protection controls
  • Document and manage the security risk acceptance process
  • Apply ingenuity and creativity to problem analysis and resolution

Requirements

  • 5 years – Information Security and/or IT audit experience
  • Strong understanding of information security standards and frameworks (ISO 27001, SOC 2, NIST 800 series)
  • Familiarity with domestic and international security and privacy regulations and standards
  • Hands-on experience:
    • performing security risk assessments and an understanding of industry approaches to risk management
    • maintaining corporate compliance with data protection laws, HIPAA Omnibus Rules, and PCI Data Security Standards by assessing and advising, drafting policies and procedures, and implementing practices
    • implementing the security framework ISO 27001/27002 and NIST Special Publication 800 series security standards
    • preparing a company for a successful (unqualified) SOC 2 attestation
    • evaluating vendor cybersecurity risks
    • responding to large customer cybersecurity questionnaires
  • Familiarity with 21 CFR Part 11, HITRUST, and the BITS Shared Assessments program preferred
  • Maintenance of a current cybersecurity certification such as SANS GIAC, CISM, CISA, or CISSP
  • High level of personal integrity, with the ability to professionally handle confidential matters
  • Excellent communication and interpersonal skills, that reflect an appropriate level of judgment and maturity
  • Education: Bachelor's degree + 5 years of related experience, or Master's degree + 3 years of related experience