Information Security & Compliance Analyst Job Description

An information security & compliance analyst provides guidance regarding PCI requirements and key domains of security controls, including change management, system access, network, encryption, security testing, policy, etc.

Information Security & Compliance Analyst Duties & Responsibilities

To write an effective information security & compliance analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included information security & compliance analyst job description templates that you can modify and use.

Sample responsibilities for this position include:

Lead the assessment of compliance with security regulations such as PCI, GLBA, FFIEC
Manages security compliance activities for customer, PCI, and internal audit reviews
Examine and evaluate internal controls based on various security and privacy standards (PCI, SOC2, NIST)
Perform audit testing of controls
Monitor compliance with information security policies and practices and any applicable laws
Manage internal and external security assessments and risk analysis
Conduct periodic application security health checks
Actively participate in the security community such as ISACA, ISC2, SANS Institute
Conducts intelligence analysis of external threats targeting the retail and banking industry and leverages internal data stores to gauge the potential impact on business operations
Assist the Program Manager with the management of Live Nation’s Information Security Compliance Programs internationally

Information Security & Compliance Analyst Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Information Security & Compliance Analyst

List any licenses or certifications required by the position: CISSP, CISA, CISM, HITRUST, CRISC, GIAC, IAT, CCSP, PMP, QSA

Education for Information Security & Compliance Analyst

Typically a job would require a certain level of education.

Employers hiring for the information security & compliance analyst job most commonly prefer that candidates have a relevant degree, such as a Bachelor's or Master's degree in Computer Science, Business, Information Security, Education, Information Systems, Information Technology, Management, Management Information Systems, Technology, or Engineering.

Skills for Information Security & Compliance Analyst

Desired skills for information security & compliance analyst include:

Cloud computing and security management
Diverse information technology architectures and designs
Encryption
General audit principles
Internet extranet security
Metrics collection and reporting
Network and web technology
PCI
Procedures and policies pertaining to data access and information systems
Security administration processes and frameworks

Desired experience for information security & compliance analyst includes:

Experience working with or utilizing the RSA Archer eGRC application a plus
Practical understanding of IT Security Compliance, risk management and information security principles including access control, network security, information security architecture, information security operations, and leading practices
Strong analytical, diagnostic, critical thinking and project management skills
BA or BS degree in IS or related field required
Ability to work with a broad spectrum of people with various technical acumen
Superb ability to represent data in graphical form

Information Security & Compliance Analyst Examples

1

Job Description Example
Our company is growing rapidly and is looking for an information security & compliance analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information security & compliance analyst
  • Assist Program Manager in being liaison and LNE advocate between external security assessment firms and internal operations teams to promote on-time and on-budget completion of engagements
  • Assist Program Manager in leading formal presentations of compliance status and issues regularly to IT teams and management
  • Participate in the security community such as ISACA, ISC2, SANS Institute
  • Performs security assessments/audits of third party service providers/vendors
  • Evaluates and documents security risks, vulnerabilities and threats to systems and data
  • Consults and supports business unit and corporate IT security staff, network and server administrators, desktop support staff on security issues/incidents and requirements
  • Manages internal vulnerability management program
  • Serves as a point of contact for information security related audit and assessments requests
  • Prepares compliance audit data by compiling and analyzing internal and external information
  • Supports departments by collecting and coordinating internal compliance data with auditors and various departments
Qualifications for information security & compliance analyst
  • Familiarity with common compliance frameworks such as COBIT, COSO, ISO 27K, and industry recognized guidance such as NIST a plus
  • Ability to work efficiently and independently with minimal supervision and guidance from the Bangalore office in India supporting the corporate headquarters in the US
  • BA or BS degree or higher in IS or related field required
  • CISA, CISSP, PMP, CRISC or other relevant designation preferred
  • Knowledge of information security standards (e.g., ISO 17799/27002), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA), and desktop, server, application, database, network security principles for risk identification and analysis
  • This position requires some weekend and evening assignments availability during off
2

Job Description Example
Our growing company is looking to fill the role of information security & compliance analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information security & compliance analyst
  • Supports responses to RFPs and reviews security sections of the contracts
  • Contributes to creating RFP and contract review standard answers knowledge base
  • Drives completion of management response and compiles mitigation plans
  • Tracks progress of mitigation activities, when applicable
  • Enhances compliance department and organization reputation by accepting ownership for accomplishing new and different requests
  • Work with business and project managers as new projects and processes with IT reliance are designed
  • Assist reviews and assessments with the internal and external auditors
  • Conduct both internal and external audits to ensure compliance with all industry-mandated regulations
  • Work on compliance initiatives to ensure operational effectiveness with applicable laws and regulations, internal policies and procedures
  • Assist Corporate Compliance and the Business with all required compliance/security-related documentation
Qualifications for information security & compliance analyst
  • 5 years of progressive information security and compliance experience, including security in e-commerce, finance and hosted environments or an equivalent combination of education and work experience
  • CISSP, GIAC, or similar preferred
  • Knowledge of ISO 17799/27002, FFIEC, desktop, server, application, database, network security principles
  • Ability to work some weekends / evenings, availability during off hours
  • Proficient in working with large-scale business data sets, fluent in scripting and rapid prototyping skills including expertise in SAS, WEKA, SPSS, C/C++/SQL, Perl or Java
  • Ability to understand technical aspects of NIST, CSEC, ISO27000 standard and recommendations
3

Job Description Example
Our company is looking for an information security & compliance analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information security & compliance analyst
  • Align policies, standards and procedures with compliance objectives
  • Lead departmental compliance meetings
  • Produce quality deliverables in a timely fashion
  • Prepare metrics and reports for management on the status of Compliance objectives
  • Lead IT-related audits and examinations conducted by external parties
  • Evaluate and respond to customer security contracts and surveys
  • Produce documentation and diagrams as needed
  • Remain up to date on current security and privacy related laws, regulations and standards
  • Represent the Information Security Team by participating directly with projects and provide guidance, requirements and documentation for security related purposes when requested
  • Provide support as may be required to the Information Security Risk Management and Compliance Team
Qualifications for information security & compliance analyst
  • Bachelor’s degree from a four-year college or university, or equivalent required
  • Must have excellent communication and collaboration skills working with IT and business teams
  • Minimum 3 - 5 years professional experience in the fields of information security engineering, risk management, audit and compliance
  • Knowledge of at least two security controls frameworks (NIST, ISO, CObIT, CSF, CSA)
  • The position is located in the GBT Phoenix office
  • Work experience in the gathering of network-based and host-based artifacts analysis and forensics
4

Job Description Example
Our growing company is looking to fill the role of information security & compliance analyst. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for information security & compliance analyst
  • Inventory, classify, and assess the level of compliance with controls that are in place for the information assets of the corporation
  • Collects management response and compiles mitigation plans based on inputs provided by stakeholders
  • Manages audit process for the Company as they relate to cybersecurity requirements
  • Analyzes existing and proposed cybersecurity legislation, regulatory announcements, and industry practices, to determine gaps and impact to the cybersecurity program
  • Contributes to the effectiveness of security-related operations
  • Assists in daily oversight of a security sub-component
  • Participates in evaluation, testing and implementation of emerging control technologies, information systems security issues, safeguards, and techniques applicable to assigned operations area
  • Reviews and analyzes data and information to provide insights, conclusions and actionable recommendations
  • Produces reports, analyses, findings
  • Screens and selects tools to automate security administration
Qualifications for information security & compliance analyst
  • Ability to understand technical aspects of NIST, CSEC, ISO27000 standards and recommendations
  • Vulnerability Management, Firewalls, IDS/IPS, Content Filtering, Anti-Spam, Anti-Virus, Forensic and Data Loss / Leakage tools
  • Web Applications (HTML, XML, JavaScript)
  • Knowledge of Enterprise Operations
  • Basic Knowledge of Infrastructure Architecture and Design
  • ISC2 Associate (SSCP) or similar is a must
5

Job Description Example
Our company is growing rapidly and is hiring for an information security & compliance analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information security & compliance analyst
  • Review Policy exception requests to evaluate risk exposure, assign appropriate remediation activities, and track remediation progress to closure
  • Conduct assessments to meet compliance mandates, and collaborate with IT and business stakeholders to remediate gaps
  • Responsible for tracking, investigating, and responding to any incident and finding reports/discoveries
  • Execute and maintain a security awareness program designed to facilitate a safe computing environment for all associates, contractors and other business partners
  • Serve as the internal compliance consultant for information security processes
  • Monitor changes in legislative, regulatory and statutory obligations pertaining to the healthcare industry in particular and ensure that internal controls remain compliant
  • Review all system-related compliance plans and act as liaison for the Information Security Office to the information systems department
  • Monitor and track remediation efforts for security and audit deficiencies
  • Assist in updating departmental operating procedures
  • Assist the IS Compliance team with prioritizing risk-related projects and strategic roadmaps for corporate risk management efforts
Qualifications for information security & compliance analyst
  • Minimum of three years of IT, information security, risk or compliance experience
  • Working knowledge and understanding of information security risk concepts and principles, as a means of relating business needs to security controls
  • Knowledge of and experience in understanding security documentation, and regulatory compliance requirements
  • Working knowledge of risk assessment methods and technologies
  • Exposure to performing risk, security control and vulnerability assessments
  • Prior audit, compliance or governance experience is preferred
