Job Details

ID #20184961
State Washington
City Seattle-tacoma
Job type Permanent
Salary USD BASED ON EXPERIENCE
Source eXcell, a division of CompuCom Systems, Inc.
Showed 2021-09-24
Date 2021-09-23
Deadline 2021-11-21
Category Et cetera

Information Security Analyst

Washington, Seattle-tacoma, 98101 Seattle-tacoma USA

Vacancy expired!

At eXcell, we set you up for job success right from the start. Our precision recruiting process aligns the right fit for the right people. Our client is looking for an Information Security Analyst to help assess the security controls in place at their global office locations to ensure they are appropriately implemented and that security threats are identified. As a senior member of the corporate Governance, Risk and Compliance (GRC) security team, the candidate will complete assessment preparation, fieldwork, and reports and recommendations. The position will be based in Seattle, WA and assessments may require periodic travel (up to 30-35%) to other offices upon return to normal business. This role will be part of a team of collaborative reviewers and function as a member of the Information Security team, reporting to the Information Security Review Manager.

Responsibilities:

  • Assume full ownership of assessing a comprehensive governance program including making risk-based recommendations where appropriate to improve the security posture of the organization through defined security policies, standards, and procedures
  • Review enterprise policies, standards and framework for governance, risk & compliance
  • Identify key risks and controls, controls optimization, including the configuration of controls around security, and business processes across a wide range of business environments
  • Work cooperatively with business stakeholders to provide consultation to the organization on the comprehensive information security Risk Management Program to identify, quantify, classify, and manage security risks
  • Validate the key controls with the stakeholders on a periodic basis to provide an early warning to management for timely correction and remediation action
  • Work as the subject matter expert and leader on all aspects of compliance, governance, and risk management
  • Apply understanding of the organization Information Security Policy to local business environment.
  • Prepare assessment reports on findings and recommendations to senior management
  • Review legal agreements and IS questionnaires to ensure consistency with the organization Information Security Policy
  • Coordinate and respond to requests from external, independent 3rd party auditors on an ad hoc basis in support of SOC2 (or related technology / security assessments) for remote offices
  • Mentor others to increase team competency and continually build a culture of constant improvement
  • In addition to internal security assessments, this role has an adjunct responsibility to assist with the review of contract terms (and other legal agreements), responding to information security inquiries, and organizing responses to various internal and external security audits
Required Skills and Qualifications:
  • BS Degree in Information Security or related discipline or equivalent experience
  • The ideal candidate must be equipped with one or more relevant industry-standard certifications (such as CISA, CISSP, CRISC, or CISM)
  • The ideal candidate must have minimum 8 years of experience in building and managing compliance and risk management programs, including hands-on control design and effectiveness evaluation
  • Must have previous experience with ISO 27001 / 2, NIST 800 Series, HITRUST CSF and other industry regulatory controls (HIPAA)
  • Must understand Cloud Security Controls such as CSA Cloud Controls Matrix (CCM)
  • Must have broad understanding of privacy regulations (HIPAA, GDPR and similar)
  • Must have previous knowledge of GRC tools / technologies
  • Must have the strong ability to interpret information security data and processes to identify potential compliance issues
  • Must have the ability to communicate Information Security matters clearly and effectively to executives, auditors, and end users
  • Must have excellent verbal and written communication skills including writing reports to convey technical and compliance related information to a business audience
  • Must have excellent project management skills including the ability to prepare, prioritize, and complete work plans
  • Must be proficient with Excel, running and creating functions, pivot tables and charts
Preferred Skills and Qualifications:
  • Experience leading a team of analysts and junior level GRC professionals
  • Advanced Excel skills with ability to compile and analyze broad data sets using complex functions and to contribute to the development of automated reporting and dashboards
  • Broad technical knowledge of information systems and their security areas such as networking, operating systems and identity access management
  • Experience with secure software development lifecycle
W2 only, no Corp to Corp. We are unable to sponsor H1B visas at this time. eXcell supports Equal Employment Opportunity. eXcell, a division of CompuCom Systems, Inc., a global company headquartered in Bellevue, Washington, provides IT staffing services and solutions to Fortune 1000 companies as well as small and medium businesses. For more information, visit www.excell.com.
