Associate Information/Cyber Security Compliance Analyst

EmployeeDay-to-Day:

oSupport the development of best practice policies and standards based on various governance frameworks, and customer requirements.

oEnsure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.

oSupport the IT Security Exception program, by responding to requests for non-compliance with policies and standards. Support the development of solutions to address risk factors and events in a cost-effective manner and in line with business objectives.

oAddress risk issues and action plans from all sources, e.g., Facilitate External audit, Conduct Internal Audit, technology risk assessments, etc. working with the Office of Cyber Security Risk. Support the development of solutions to mitigate weaknesses in internal controls and risks. Assign control owners to establish accountability.

oSupport the Information Security Management System (ISMS) by helping the organization to demonstrate compliance with various framework controls like: NIST, CMMC, TISAX, ISO27001 and improving the existing ISMS.

oSupport the GRC software platform for policy administration, compliance and risk management, and responsibility attestation

oSupport on developing, maintaining, and enhancing the Disaster Recovery Program (plans, standards, roles, responsibilities, templates, tools, and reporting).

oSupport and execute on User Access reviews and EOL OS Reviews

oSupport third party security assessments by making recommendations and performing periodic reviews.

oServing as a liaison between IT Compliance and other IT groups, and the Business through effective communication, both verbally and in writing.

Your skills and knowledge:

oExperience in a related role/area

oAbility to work independently and with others.

oA go getter that can track, prioritize and ensure projects are completed timely.

oKnow when to raise request for additional support, guidance, and resources.

oBringing a solution and executing on the solution to resolve a problem

oMaintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance.

Ideal technical/experience skills:

• Understanding/Certification of ISO27001/NIST, CMMC, TISAX
• Basic understanding of IT systems & networks
• Best practices around confidentiality, integrity, and availability
• Basic understanding around security policies and standards
• Basic understanding of Asset Management, Information Security Risk Management, Assessments, Incident Management, Human Resources Security, Physical Security and Business Continuity, Identity & Access Management, Encryption, Operations Security (incl. Change Management), Supplier Relationships, Compliance, Data Protection