Information Security Risk & Compliance Analyst at Avant
What you do at Avant:
- Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and internal audit.
- Maintain risk register and evidence archive in the Avant GRC platform.
- Document, formulate and enforce remediation activities that balance risk with business operations and do not diminish efficiencies or innovation in the business.
- Partner with vendor management in oversight of third parties and business partners to safeguard against undue risk presented by external entities. Analyze assessment findings, document, recommend and report remediation plans to security leadership.
- Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting. Work in tandem with security engineering, internal audit and risk management leadership to perform ongoing security program assessments. Attend and fully engage in change management meetings.
- Liaise with auditors, both internal and external, to attest and implement controls for compliance and privacy laws.
- Perform other duties as assigned.
Why you are a fit for Avant:
- At least 5+ years’ experience in information security as a practitioner, with at least 2 to 3+ years’ exposure to various security frameworks.
- Knowledge of security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities. Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, GLBA, and NIST Security and Privacy Frameworks. Additional experience in one or more of the following is a plus: ISO 27001/2, ITIL or FFIEC, FDIC Regulatory Frameworks. Exceptional written and verbal communication skills, and proven ability to translate security and risk to business language.
- Working knowledge of technologies such as cloud computing and DevOps, and an understanding of application security best practices, is required.
- Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines. Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Preferred experience with cloud environments such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure. Prior experience operating in a GRC system.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Self-motivated, directed and well-organized, with the foresight to position controls in anticipation of threats. Successful track record of managing relationships with external entities and mitigating risks in business development opportunities.
- Familiarity with state, federal and international privacy laws.
- Highly trustworthy; leads by example.
- Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience. Holding or working toward one or more of the following is a plus: CISSP, CRISC, CISA, or CGRC.