Security & Compliance Job Description

Security & compliance provides subject matter expertise on compliance frameworks, including ISO 27001, SOC I and II, PCI, GDPR, HIPAA, FedRAMP, NIST, MLPS, and more.

Security & Compliance Duties & Responsibilities

To write an effective security & compliance job description, begin by listing detailed duties, responsibilities and expectations. We have included security & compliance job description templates that you can modify and use.

Sample responsibilities for this position include:

Cyber Security qualifications (CISSP, CISM, PCI QSA, CISA, ISO27001)
Contribution on architectural design and review for Compliance Monitoring solutions
Contribution for conceptual and architectural design of worldwide solution rollout
Application engineering and configuration of Compliance Monitoring solutions
Elaborate roadmaps in collaboration with product management (based in Switzerland)
Contribution to reducing inherited complexity by decommissioning of legacy, non-strategic products and solutions
Identify regulatory risks in new products, services and initiatives
Demonstrates extensive expertise in information security and engineering practices
Integrates broad working knowledge in related disciplines to apply integrated security solutions for complex business situations
Ability to multitask and deliver multiple concurrent projects under tight deadlines

Security & Compliance Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Security & Compliance

List any licenses or certifications required by the position: CISSP, ISO, CISA, CISM, ITIL, ISO27001, ITSM, SAE18, PCI, HMG

Education for Security & Compliance

Typically a job would require a certain level of education.

Employers hiring for the security & compliance job most commonly prefer candidates with a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Education, Information Security, Business, Information Systems, Information Technology, Engineering, Management, Technical, Management Information Systems.

Skills for Security & Compliance

Desired skills for security & compliance include:

GDPR
NIST
HIPAA
ISO 27000 series
PCI
ISO
COBIT
Firewalls
PCI-DSS
ITIL

Desired experience for security & compliance includes:

Excellent knowledge of legislation and standards including SOX, and ISO17799
Experience in cryptographic technology and their applications in secure e-mail, general message and content security (for file and database protection), PGP, SSL, digital encryption, code signing, digital signature and digital rights management
Demonstrated proficiency of technology auditing control disciplines including thorough and general knowledge in security and relevant areas of technical specialization (application development, change management, or operations)
Oracle Database Administration
SQL Database Administration
UNIX / Linux Operating System Security, including Users and Groups, System Configurations, File Permissions, Privileged Accounts, Password Controls, Security and Auditing

Security & Compliance Examples

1

Security & Compliance Job Description

Job Description Example
Our company is looking for a security & compliance. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security & compliance
  • Candidate will participate in other security projects involving Corporate Security, as needed, such as participating in compliance and risk meetings, reviewing vendor assessments for security requirements
  • Accurately interpret audit results against defined criteria
  • Provide a written and verbal report of audit findings
  • Provide Support for internal and external auditors and examiners by preparing reports, gathering information and answering questions
  • Enjoy delivering a professional Information Security service to Colleagues
  • Successful completion of allocated tasks
  • Development into an Information Security professional
  • A confident leader and communicator with the ability to influence and act as an ambassador representing directly at board level both internally and with clients
  • Self-motivated – personal drive and enthusiasm to continually improve
  • Clearly demonstrates the appropriate behaviour in keeping with a customer facing, management role
Qualifications for security & compliance
  • Knowledge of physical security systems (access control, alarm, CCTV etc)
  • Knowledge of the Customer Security Document creation process from contract signature through the completion of implementation into steady-state
  • Knowledge of GTS Global Processes and the ability to provide guidance and education on the GTS processes
  • An excellent understanding of PCI and SOX and the requirements that must be met by the business and its partners in order to well protect card holder information and GCC with respect to financial information systems respectively
  • Have managed 3 to 5 PCI audits and worked with both IT and business teams to ensure that all requirements are met on an annual basis and that the business achieved documented compliance
  • IT technical background (eg
2

Security & Compliance Job Description

Job Description Example
Our company is looking to fill the role of security & compliance. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security & compliance
  • Daily review of Firewall Security Logs
  • Assist in remediation and scheduling of Firewall deficiencies
  • Daily review of Anti-Virus Logs
  • Assist in remediation and scheduling of Anti-Virus deficiencies
  • Daily review of intrusion prevention and detection logs
  • Assist in remediation and scheduling of intrusion prevention and detection
  • Daily review of Server Logs
  • Assist in the remediation and scheduling of Server issues
  • Enforce and comply with licensing compliance
  • Provision storage as needed to the infrastructure
Qualifications for security & compliance
  • Higher education in the field of Computer Science or Information Assurance
  • 5+ years of compliance/audit experience in either consulting or enterprise security department (CISSP/CISA helpful)
  • Experience in security and infrastructure protection and/or information security audit and compliance
  • Refined knowledge of information security standards, frameworks, and assessment methodologies
  • Ability to translate IT systems risk to all levels of the organization in a clear and concise manner
  • Take a global view
3

Security & Compliance Job Description

Job Description Example
Our innovative and growing company is looking to fill the role of security & compliance. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security & compliance
  • Evaluates and recommends security software and hardware, encryption methods, authentication servers, and control techniques needed to secure data and information systems
  • Project-manage the Information Security and Privacy portfolio of initiatives
  • Coordinate 3rd party audits of TokBox, including pentests, vulnerability tests and SOC2 audits
  • Assess and track compliance with regulatory and legal requirements relevant to the TokBox business
  • Assist in pre-sales efforts relating to Customer due diligence of TokBox InfoSec program
  • Assist Legal with contract reviews of security schedules
  • Manage privacy incident response and coordinate remediation activities
  • Maintain information security and privacy policies
  • Manage the business continuity and disaster recovery programs
  • Responsible for SAP license utilization and optimization
Qualifications for security & compliance
  • You understand the impact of a highly satisfied, excited crew
  • Able to work both independently and collaboratively, achieving results within established time frames with minimal supervision
  • Significant knowledge and demonstrated competence with both Agile and Waterfall project management processes, methods, and standards
  • Be involved in working directly with delivery teams in contract programs throughout Public Sector to implement security configurations for infrastructure systems, end point devices, and application systems
  • You will work with security practitioners, architects, infrastructure engineers, applications developers, business partners & other stakeholders to implement appropriate security solutions for security compliance
  • Analyze technology industry & market trends to identify key partners and develop go-to-market approaches for security configuration compliance and vulnerability management solutions
4

Security & Compliance Job Description

Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of security & compliance. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security & compliance
  • Ensure that all Nespresso Switzerland partners and third-party providers comply with Nestlé Information Security Policies & Principles
  • Access re-certification for HR systems
  • Actively coordinates the internal and external audits
  • Ensures an adequately staffed and trained guard force and directs their activities
  • Assists, advises, and guides all departments and/or Corporate Security regarding security regulations and procedures or compliance regulations and procedures
  • Coordinates contacts with outside law enforcement agencies or outside regulatory agencies
  • Collaborate on security improvements to systems, networks and applications by assessing current solution, performing gap assessments, anticipating future requirements, and providing actionable recommendations
  • Create architecture and provide security leadership of cloud, application, identity and access management, end user device, and web services security controls, configurations, and best practices
  • Work with the ongoing mergers and acquisitions to ensure that they are designed and migrated securely
  • Participate in incident response activities and provide forensics data or guidance as needed
Qualifications for security & compliance
  • Function as a key contributor for security configuration and A&A activities in project delivery
  • 5+ years of SCAP experience
  • 7+ years of hands-on experience in STIG configuration implementation, compliance, and remediation for network infrastructure, servers (Windows, Linux, Unix) and workstations, mobile devices, printers
  • 4+ years’ experience with using RedHat Satellite Server to deploy patches, software updates, and configuration deployment
  • Strong expertise in Active Directory security and PowerShell scripting
  • Experience with NSA system hardening guide
5

Security & Compliance Job Description

Job Description Example
Our growing company is looking for a security & compliance. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security & compliance
  • Work with IT and Business operations to promote and educate on service capabilities
  • Assesses security needs and capabilities of the organization and creates a plan of action
  • Prepares regular reports to IT management concerning the current state of security measures and makes recommendations for improvement as required
  • Works with existing policies and procedures to identify, recommend and develop revised policies and procedures relating to information security as appropriate
  • Maintains and revises the overall security program
  • Identifies and provides information security awareness training as appropriate
  • Thorough knowledge of formal project management techniques and tools through training and direct experience (MS Project or other project scheduling tools)
  • Works with IT management, risk managers, corporate compliance and in-house legal counsel to perform and maintain risk assessment concerning system down time, unwarranted system access and general risk levels
  • Works with internal and external auditors to respond to needed requests, suggestions and security related findings
  • Works closely with cross functional IT teams to understand the security architecture and coordinates the implementation of changes in security once approved by management
Qualifications for security & compliance
  • Hands-on system configuration management, configuration policy deployment and enforcement, and vulnerability mitigation
  • 4+ years of software packaging experience
  • 4+ years of server and workstation image development and maintenance
  • An overall 8 years in the Information Security field, with audit and/or compliance experience a plus; direct, hands-on experience developing security metrics reports; experience in identifying and integrating best practices into an information security program
  • Experience managing security related projects and meeting critical deadlines
  • Excellent organizational skills and critical attention to detail and deadlines
