Description
As an Information Security Compliance Analyst within the Compliance team, you should bring a high level of security compliance-centric focus blended with technical expertise that aligns what we do as a business to our client’s mission. The InfoSec Compliance Analyst is expected to be well organized and detail oriented, to understand and demonstrate the vocabulary of compliance documentation writing, to have current and relevant IT technology experience with a strong security focus, to work comfortably under pressure, and to deliver on tight deadlines.
You would be responsible for leading the day-to-day information security risk and compliance activities in support of various clients. This position is responsible for establishing a structured approach to aligning cyber/information security with business objectives, while effectively managing risk and meeting various compliance standards in support of legal and regulatory compliance needs and general IT and organizational information security practices.
This position requires an individual who can liaise with key functional teams such as IT, HR, Marketing, Finance, Sales, Legal, Contracts, Supply Chain, and others to identify and manage security standards and best practices that govern information security across any given client.
Responsibilities And Duties
Your responsibilities will be broad and will include, but are not limited to the following:
- Provide accurate analysis and environment scoping guidance to clients to ensure proposed solutions are aligned with compliance controls in the most efficient manner.
- Provide guidance to clients and complete security questionnaires submitted by vendors, customers, and partners.
- Perform host, network, cloud, application-based, and process-based security control assessments.
- Perform risk assessments and gap analyses for clients based on their compliance obligations under organizational policies, applicable regulatory and legal requirements, and industry best practices.
- Implement NIST 800-171 and CMMC Levels 1-3 information security management frameworks and standards for internal and external clients.
- Develop and maintain SSP and POAM documentation for in-scope environments.
- Work with our technical teams to remediate controls that govern the protection of our client’s information systems, networks, and data, determining technical solutions and recommendations for implementation.
- Own the development of applicable policies, processes, and procedures, working with applicable stakeholders and SMEs as appropriate.
- Deliver and manage security awareness & education programs.
- Monitor and measure compliance and performance, report results.
- Evaluate, mitigate, and manage information security-related risks, supporting the development and implementation of solutions to minimize those risks.
- Help prepare for internal and/or external audits and sustain purpose-driven engagement and effective interaction with auditors to provide relevant evidence and artifacts, remediate findings, and support audit processes for relevant compliance concerns.
- Other duties, as assigned by the jobholder’s supervisor, may also be required.
Requirements
Knowledge, Skills, and Abilities:
- Exceptional documentation, communication, presentation, and relationship management skills.
- Highly organized, team player, responsive, positive, excellent collaborator, and critical thinker.
- Familiarity with security tooling such as Microsoft 365 Admin, Azure Security Center, and Microsoft Cloud App Security (MCAS).
- Experience administering Security Information and Event Management (SIEM) tools (e.g., Sentinel).
- Strong working knowledge of Microsoft tools and cloud-based services, Azure, Office/Microsoft 365, Intune, Multi-Factor Authentication, Defender ATP, Teams, Exchange Online, Sentinel, Microsoft Virtual Desktop, Microsoft Power Platform (Power BI), etc.
- Strong working knowledge of Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP.
- Strong working knowledge of Windows servers and VMware.
Qualifications
- U.S. Citizen (Federal client requirement)
- Bachelor’s degree in Information Technology/Security, Computer (Information) Science, Management Information Systems, or a related discipline.
- CISSP or CISM certification strongly preferred. Other industry-standard security certifications (such as CCA, CCP, CIPP, CDPSE, CISA, CRISC, CGEIT, etc.) are desired.
- 10+ years’ experience in an information/cyber security, risk, and compliance role to include advising executives, IT management, and other stakeholders on compliant strategies and solutions.
- 7+ years’ technical experience using Microsoft-based solutions and products.
- Technical certifications such as MCSE, MCSA, Azure, etc. strongly preferred.
- Working knowledge of NIST 800-171, NIST 800-53, and/or the Cybersecurity Maturity Model Certification (CMMC) frameworks and standards.
- Familiarity with other compliance frameworks such as FedRAMP, FISMA, SOC, PCI, ISO, HIPAA, HITRUST, etc. is preferred.
Why join our winning team?
- Competitive wages to reflect your experience and skills.
- Comprehensive medical, dental, and vision insurance plans to keep you and your family healthy.
- 401(k) with company match to help you plan for the future.
- Flexible time off policies to ensure you maintain a healthy work-life balance.
- We offer many remote opportunities, allowing you to work wherever you want.
- We are committed to creating a positive impact on society and contributing to a better world; we're involved in our community and encourage our employees to do the same.
- We are reshaping the industry and the way it thinks about technology and service.
- We strive to be better and encourage our employees to do the same by offering training incentives and bonuses to help you and your career grow.
- The opportunity to be a part of an amazing team.
You understand and acknowledge that R3 may add to, subtract from, or otherwise modify your duties and job title at any time in its sole discretion. As a member of the R3 team, we would ask for your commitment to deliver outstanding quality and results that exceed client expectations. In addition, we expect your personal accountability in all the products, actions, advice and results that you provide as a representative of R3. In return, we are committed to providing you with every opportunity to learn, grow and stretch to the highest level of your ability and potential.