Security Compliance Analyst

We have partnered with our client in their search for a Security Compliance Analyst. 

The Security Compliance Analyst's primary responsibility is to coordinate and support governance and security efforts in collaboration with other key stakeholders across the Organization. Responsibilities will include cross-functional coordination of the governance and security aspects of work and systems that relate to the delivery of financial services, including the Organization’s investment offices and support departments. This position will help identify and operationalize risk management initiatives and standards that need to be applied to the operating environment. Key functional areas of the position include initiatives governing the Organization’s client and administrative data / information in accordance with ethical, legal, and contractual requirements.

Responsibilities: 

Risk Management:

• Assist with risk assessments and audits to identify compliance issues
• Review client Information Security requirements and questionnaires and prepare responses
• Support the development and maintenance of a third-party vendor risk management program
• Maintain a control matrix, mapping NIST CSF 2.0 controls frameworks to client and Organizational requirements
• Develop, maintain, evaluate, and implement policies and procedures in line with both business requirements and national and international legislative and regulatory changes (i.e., ISO 27001/22301, HIPAA, NIST, FFIEC, CIS 18)
• Maintain an inventory of security improvement opportunities and action items
• Prepare periodic reports on cyber security trends and compliance areas as well as communicate gap areas
• Maintain governance and security compliance inventories such as client security notification requirements
• Review and track ad-hoc client notifications and requests related to Information Security (e.g., vulnerability notifications, ad-hoc control validation requests)
• Collaborate with IT on implementation of security controls required by clients, such as access restrictions, data protections, and vendor management requirements.

• Assist with general Information Security program improvements (e.g., awareness communication, projects)
• Prepare status reports on security risks and mitigations
• Collaborate with Legal/General Counsel to ensure security awareness training addresses current trends in the security environment
• Assist with security and risk management audits, assessments, and mitigation plans
• Assist with security and risk management documentation, including policies, procedures, and risk management tracking
• Assist with security risk management programs such as access management, third party vendor management, vulnerability management, business continuity, data protection, and risk governance
• Assist with Third-Party Risk Management (TPRM) program; enhance vendor and cloud service provider inventories, collect risk artifacts such as SOC2 reports
  • Review, track and follow up on identified vendor risks, helping with continuous TPRM program strength
• Other duties as assigned, based on the ongoing evolution of the Information Security program

• A minimum of 3 years’ experience of progressively responsible technical system experience in an Information Security or Security Compliance role with strong emphasis on security-related functions.
• Combination of relevant education and relevant experience acceptable.
• Financial Services and/or Investment Management experience preferred.
• Understanding of Information Security controls, governance principles and standards/frameworks such as NIST CSF, ISO 27001, NIST 800-53, HIPAA, CIS 18.
• CISSP or CISM certifications preferred
• Strong written and oral communication skills
• Ability to prioritize and work effectively under deadlines
• Ability to work both independently and in a team-oriented, collaborative environment

• Contribute to Team Success: Actively participates as a member of a team to move forward towards the completion of team goals
• Building Partnerships: Identifies opportunities and builds strategic relationships between one’s area and other areas/ departments within the Organization to help achieve business goals.
• Communicate: Clearly conveys information and ideas through a variety of methods in a manner that engages the audience and helps them understand and retain the message.
• Collaboration: Works effectively and cooperatively with others; establishes and maintains good working relationships
• Customer Focus: Ensures that the client perspective is a driving force behind decisions and activities
• Decision Making: Identifies and understands issues, problems, and opportunities; takes action that is consistent with available facts, constraints, and probable consequences.
• Technical/Professional Knowledge and Skills: Has achieved a satisfactory level of technical and professional skills or knowledge in position-related areas; keeps up with current developments and trends in areas of expertise.
• Manages Conflict: Deals effectively with others during times of stress; uses appropriate interpersonal styles and methods to reduce tension or conflict between two or more people.

Title: Security Compliance Analyst

Location: Remote

Client Industry: Financial Services

Compensation: $60-75/hour

Ref ID