The Security & Compliance Analyst is responsible for evaluating our company’s technological infrastructure to ensure processes and systems run accurately and efficiently, while remaining secure and meeting internal and external compliance standards. The Security & Compliance Analyst is responsible for identifying and communicating any IT security, compliance, process, or operational issues to management and offering solutions to improve or change processes and systems to ensure security and compliance. This individual reports to the IT Manager and will apply proven communication, analytical, and problem-solving skills to help maximize the benefit of IT system investments.
Major Areas of Responsibility
Ensure security and operational risks are identified and mitigated
Monitor internal controls against security frameworks to ensure compliance
Perform targeted risk-based compliance reviews, analysis and reporting
Prepare and update evidence collection and compliance monitoring evaluation criteria as necessary
Assist with the design and implementation of IT security and operational controls
Assist with periodic continuous monitoring activities for IT functions
Design, update and prepare periodic reports and status updates on compliance issues for management
Work closely with all IT teams to ensure support and delivery of quality IT services
Maintain a complete understanding of, and adhere to, all IT policies and processes
Undertake methodical investigation, analysis, review and documentation of business functions and processes
Create process documentation/workflows, knowledge articles and self-service guidance for IT Services
Collect and document business requirements for project and process improvement/automation efforts
Ensure compliance with internal IT processes, procedures, and standards
Develop, implement, test, and evaluate internal review procedures
Assist with internal compliance reviews, certifications, and self-assessments
Conduct maturity assessments against the process activities to highlight areas of improvement or concerns
Assist in developing process improvement for IT security, infrastructure, and operations
Other duties as assigned.
Strong business, process, and data analysis skills
Outstanding communication and presentation skills
Exceptional organizational skills, able to meet agreed deadlines and thrive under pressure
Working knowledge of IT security, infrastructure, and operational concepts
Working knowledge of process modeling tools (Visio, LucidChart, SmartDraw, etc.)
Working knowledge of reporting, data analytics and visualization tools (ACL, Excel, Power BI, SAS, Tableau)
Knowledge of various security frameworks (ISO27002, NIST CSF, CIS Controls, etc.) is a plus
Knowledge of internal compliance standards (such as SOX, MAR, COSO, COBIT, etc.) is a plus
Skills & Abilities
Time Management — Managing one's own time and the time of others.
Service Orientation — Actively looking for ways to help people.
Coordination — Adjusting actions in relation to others' actions.
Critical Thinking — Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
Judgment and Decision Making — Considering the relative costs and benefits of potential actions to choose the most appropriate one.
Verbal and Written Expression and Recognition — The ability to listen to, understand and communicate information and ideas presented through spoken or written words and sentences.
Problem Sensitivity — The ability to tell when something is wrong or is likely to go wrong. It does not involve solving the problem, only recognizing there is a problem.