Security Analyst
Description
This is a unique role at Productive Edge that requires a self-starter who values autonomy and has their own vision for how information security and associated processes and frameworks can be effectively implemented and maintained both within the organization and for PE’s clients.
The role requires expertise in evaluating, assessing and monitoring the organization’s compliance with applicable information security standards and frameworks (particularly SOC 2 and GDPR), industry best practices, and applicable laws and regulations. This role will lead and maintain the organization’s information security program and assist internal teams and external clients in implementing security policy objectives.
Duties and Responsibilities
- Manage the entire audit and compliance practice for the organization with responsibility for completion of all internal and external audits throughout the year. Work with external auditors to demonstrate and provide evidence for controls that are in place.
- Own the documentation and execution of all security-related policies and procedures, including the business continuity and disaster recovery plans. Ensure policies and procedures reflect business requirements and industry-leading security practices.
- Provide regulatory and compliance advice to business and control units on an ongoing basis.
- Analyze and address breaches in operations to ensure the integrity of processes, controls, and policies.
- Participate in the evaluation, development, and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments.
- Participate in vulnerability scans, penetration tests and ethical hacking engagements, and manage the results through to remediation of the issues found.
- Develop policies, procedures, and automated processes to ensure the company’s environment continues to meet all applicable standards and recommendations.
- Complete security questionnaires and work with the Sales team on RFI responses related to security.
- Manage the Security Awareness Training program to ensure employees complete all required modules annually.
- Proactively identify technology risks and develop recommendations for improvements that mitigate those risks and bring programs and operations into compliance with the goals and objectives of the Information Security Management Program.
- Take a lead role in the development and execution of the internal IT compliance-testing program. This includes application assessments, internal IT controls and compliance reviews, and remediation testing of issues identified during regulatory inspections or internal assessments.
Skills & Specifications
- Proactive self-starter with a strong work ethic and the ability to stay on task and focused with minimal supervision
- Ability to handle multiple projects simultaneously
- Organized with exceptional attention to detail
- Ability to influence change in corporate understanding and adoption of information security concepts.
- Excellent communications and interpersonal skills and the ability to work effectively with peers, company leadership, and internal/external business partners/clients.
- Strategic planning and tactical leadership skills and experience
- Strong analytical, data management and decision-making skills
Education and Qualifications
- Bachelor’s degree or equivalent work experience
- 5+ years of experience in two or more major information technology functions (infrastructure, operations, application support, etc.)
- 2+ years IT security, IT compliance, or IT risk management experience desired.
- Familiarity with industry frameworks and standards such as SOC 2 Type 2, HITRUST, ISO 27001, SOX, ITAR, GDPR and HIPAA, and with their associated controls and audit processes
- In-depth knowledge of application security, information security risk and industry best practices for managing that risk.
- CISSP, CISA, or CISM preferred.