Information Security & Compliance Analyst Job Description
Information Security & Compliance Analyst Duties & Responsibilities
To write an effective information security & compliance analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included information security & compliance analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Security & Compliance Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security & Compliance Analyst
List any licenses or certifications required by the position: CISSP, CISA, CISM, HITRUST, CRISC, GIAC, IAT, CCSP, PMP, QSA
Education for Information Security & Compliance Analyst
Typically a job would require a certain level of education.
Employers hiring for the information security & compliance analyst job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Business, Information Security, Education, Information Systems, Information Technology, Management, Management Information Systems, Technology, Engineering.
Skills for Information Security & Compliance Analyst
Desired skills for information security & compliance analyst include:
Desired experience for information security & compliance analyst includes:
Information Security & Compliance Analyst Examples
Information Security & Compliance Analyst Job Description
- Assist Program Manager in being liaison and LNE advocate between external security assessment firms and internal operations teams to promote on-time and on-budget completion of engagements
- Assist Program Manager in leading formal presentations of compliance status and issues regularly to IT teams and management
- Participate in the security community such as ISACA, ISC2, SANS Institute
- Performs security assessments/audits of third party service providers/vendors
- Evaluates and documents security risks, vulnerabilities and threats to systems and data
- Consults and supports business unit and corporate IT security staff, network and server administrators, desktop support staff on security issues/incidents and requirements
- Manages internal vulnerability management program
- Serves as a point of contact for information security related audit and assessment requests
- Prepares compliance audit data by compiling and analyzing internal and external information
- Supports departments by collecting and coordinating internal compliance data with auditors and various departments
- Familiarity with common compliance frameworks such as COBIT, COSO, ISO 27K, and industry-recognized guidance such as NIST is a plus
- Ability to work efficiently and independently with minimal supervision and guidance from the Bangalore office in India supporting the corporate headquarters in the US
- BA or BS degree or higher in IS or related field required
- CISA, CISSP, PMP, CRISC or other relevant designation preferred
- Knowledge of information security standards (e.g., ISO 17799/27002), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA) and desktop, server, application, database, network security principles for risk identification and analysis
- This position requires some weekend and evening assignments availability during off
Information Security & Compliance Analyst Job Description
- Supports responses to RFPs and reviews security sections of the contracts
- Contributes to creating RFP and contract review standard answers knowledge base
- Drives completion of management response and compiles mitigation plans
- Tracks progress of mitigation activities, when applicable
- Enhances compliance department and organization reputation by accepting ownership for accomplishing new and different requests
- Work with business and project managers as new projects and processes with IT reliance are designed
- Assist reviews and assessments with the internal and external auditors
- Conduct both internal and external audits to ensure compliance with all industry-mandated regulations
- Work on compliance initiatives to ensure operational effectiveness with applicable laws and regulations, internal policies and procedures
- Assist Corporate Compliance and the Business with all required compliance/security-related documentation
- 5 years of progressive information security and compliance experience, including security in e-commerce, finance and hosted environments or an equivalent combination of education and work experience
- CISSP, GIAC, or similar preferred
- Knowledge of ISO 17799/27002, FFIEC, desktop, server, application, database, network security principles
- Ability to work some weekends / evenings, availability during off hours
- Proficient in working with large-scale business data sets, fluent in scripting and rapid prototyping skills including expertise in SAS, WEKA, SPSS, C/C++/SQL, Perl or Java
- Ability to understand technical aspects of NIST, CSEC, ISO27000 standards and recommendations
Information Security & Compliance Analyst Job Description
- Align policies, standards and procedures with compliance objectives
- Lead departmental compliance meetings
- Produce quality deliverables in a timely fashion
- Prepare metrics and reports for management on the status of Compliance objectives
- Lead IT-related audits and examinations conducted by external parties
- Evaluate and respond to customer security contracts and surveys
- Produce documentation and diagrams as needed
- Remain up to date on current security and privacy related laws, regulations and standards
- Represent the Information Security Team by participating directly with projects and provide guidance, requirements and documentation for security related purposes when requested
- Provide support as may be required to the Information Security Risk Management and Compliance Team
- Bachelor’s degree from a four-year college or university, or equivalent required
- Must have excellent communication and collaboration skills working with IT and business teams
- Minimum 3 - 5 years professional experience in the fields of information security engineering, risk management, audit and compliance
- Knowledge of at least two security controls frameworks (NIST, ISO, CObIT, CSF, CSA)
- The position is located in the GBT Phoenix office
- Work experience in the gathering of network-based and host-based artifacts analysis and forensics
Information Security & Compliance Analyst Job Description
- Inventory, classify, and assess the level of compliance with controls that are in place for the information assets of the corporation
- Collects management response and compiles mitigation plans based on inputs provided by stakeholders
- Manages audit processes for the Company as they relate to cybersecurity requirements
- Analyzes existing and proposed cybersecurity legislation, regulatory announcements, and industry practices, to determine gaps and impact to the cybersecurity program
- Contributes to the effectiveness of security-related operations
- Assists in daily oversight of a security sub-component
- Participates in evaluation, testing and implementation of emerging control technologies, information systems security issues, safeguards, and techniques applicable to assigned operations area
- Reviews and analyzes data and information to provide insights, conclusions and actionable recommendations
- Produces reports, analyses, findings
- Screens and selects tools to automate security administration
- Ability to understand technical aspects of NIST, CSEC, ISO27000 standards and recommendations
- Vulnerability Management, Firewalls, IDS/IPS, Content Filtering, Anti-Spam, Anti-Virus, Forensic and Data Loss / Leakage tools
- Web Applications (HTML, XML, JavaScript)
- Knowledge of Enterprise Operations
- Basic knowledge of infrastructure architecture and design
- ISC2 Associate (SSCP) or similar is a must
Information Security & Compliance Analyst Job Description
- Review Policy exception requests to evaluate risk exposure, assign appropriate remediation activities, and track remediation progress to closure
- Conduct assessments to meet compliance mandates, and collaborate with IT and business stakeholders to remediate gaps
- Responsible for tracking, investigating, and responding to any incident and finding reports/discoveries
- Execute and maintain a security awareness program designed to facilitate a safe computing environment for all associates, contractors and other business partners
- Serve as the internal compliance consultant for information security processes
- Monitor changes in legislative, regulatory and statutory obligations pertaining to the healthcare industry in particular and ensure that internal controls remain compliant
- Review all system-related compliance plans and act as liaison for the Information Security Office to the information systems department
- Monitor and track remediation efforts for security and audit deficiencies
- Assist in updating departmental operating procedures
- Assist the IS Compliance team with prioritizing risk-related projects and strategic roadmaps for corporate risk management efforts
- Minimum of three years of IT, information security, risk or compliance experience
- Working knowledge and understanding of information security risk concepts and principles, as a means of relating business needs to security controls
- Knowledge of and experience in understanding security documentation, and regulatory compliance requirements
- Working knowledge of risk assessment methods and technologies
- Exposure to performing risk, security control and vulnerability assessments
- Prior audit, compliance or governance experience is preferred