Security Compliance Analyst
Groupon’s Information Security team is seeking an experienced Security analyst with a strong background in audit or compliance to support Groupon’s PCI Compliance initiatives.
The primary responsibility of this position is to provide technical and operational support for Groupon’s PCI environment which includes tracking the status of all PCI DSS issues on assigned projects and periodic tasks, troubleshooting security incidents, performing vulnerability management and remediation and update servers with critical patches. Additional responsibilities will include to consult internally in the testing and deployment of systems and networks to ensure a compliant infrastructure and proper management.
Further, this position will be responsible for managing SSL certificates and providing guidance around third party vendor security reviews.
● Work and assist with various PCI Teams as a Subject Matter Expert (SME) on assigned projects and offers council regarding the intent of PCI requirements
● Assist in managing PCI Discovery/Gap Analysis initiatives and coordinate with various functional groups to determine PCI compliance status for assigned clients
● Assist during the audit to manage the process of providing all requested evidence during our PCI assessments
● Work with global security team members leadership to ensure security best practices are identified and integrated into all facets of projects including network, system designs/configuration, and implementations
● Ability to work cross-functionally with multiple teams and stakeholders to manage vulnerabilities and fix issues efficiently
● Assist in documenting standards, processes, and procedures for incident response, security systems, and tools as needed
● Create, review and update architectural and network diagrams
● Software patching and vulnerability remediation - Maintain client management tool for patching. Research, manage, and audit application, workstation, and server patches on a monthly basis
● Assist in monitoring and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to: endpoint security (anti-malware, encryption), IDS/IPS (Host/Network/Wireless), log management/correlation, firewall reviews, Application Whitelisting, etc.
● Identify and recommend potential areas where existing data security policies and procedures require change, or where a supplement is required to mitigate key security risks.
● Support numerous security technologies, including vulnerability scanning, multi-factor authentication systems, network and perimeter monitoring, and the systems related to log and event information, alerts, and connections of systems providing logs and alerts
● Approve, support, and troubleshoot TLS Certificates and installation.
● Provides risk guidance for IT projects and recommendations for controls relating to third party management.
● Isolate and resolve escalated incident tickets related to security systems.
● Identify areas where existing security architecture requires improvement and develop proposals, processes and implementation plans
● Provide technical and operational security support to Engineering, Legal, and various business units
● A minimum of 4+ years job related experience in compliance or technical engineering field
● Has worked in a regulated environment, preferably dealing with PCI, SOX or other federally regulated examinations
● Demonstrated expertise managing a compliance project and effectively managing stakeholders
● Ability to work in an Agile development environment
● Ability to develop a detailed estimates of the level of effort required and creaate a project plan for the deliverable objective
● Track, manage, and adjust the original plan as necessary to ensure success
● Information Security Certification(s) with demonstrated work experience preferred. Desired certifications include: CISA, CISP, PCI, PMP (a plus)
● Knowledge and familiarity related to administering and securing OSX and Linux operating systems, database platforms, endpoint security and network infrastructure is preferred.
● Experience with best practices related to network architecture & security controls (Routers, Firewalls, networking protocols, etc)
● Ability to recognize/analyze/and document deficiencies and articulate those deficiencies to both technical and non-technical key management personnel.
● Experience using a risk-based audit approach in evaluations of and recommendations for management processes
● Diligent in coordinating and executing processes and procedures
● An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
● Experience using with open-source software and command line utilities
● Experience with vulnerability management and penetration testing tools such as Rapid7, Tenable, etc.
● An understanding of IDS/IPS software such as CloudPassage, OSSEC, etc.
● Be able to participate effectively in an on-call rotation
● Understanding of policy and procedure development
● Demonstrated track record staying up to date with industry information security and compliance knowledge
Ability to perform workstation
Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.