Security Compliance Analyst

5 - 10 years

14 - 16 Lacs

Posted: 8 months ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

So what does a Security Compliance Analyst do? Think of yourself as someone who plays a pivotal role in the oversight and implementation of system-wide information security strategies and solutions. You will have a significant role in performing audits, tracking vulnerability assessments, testing security, and working with operations teams on remediation and mitigation of audit findings.
Imagine yourself going to work with one thing on your mind: to manage and improve overall IT/Security Monitoring and Incident Response programs using processes, procedures, and automation.
As a Security Compliance Analyst, you will:
  • Evaluate and design security solutions
  • Work with technicians throughout the company in implementing, maintaining and constantly improving information security practices, while managing and maintaining efforts in the areas of Information Security, Governance, Risk and Compliance.
  • Manage and improve overall IT/Security Monitoring and Incident Response programs using processes, procedures, and automation.
  • Support the Security Compliance Manager in handling the assessment and integration of security controls of the entire corporate environment in line with applicable requirements from PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001.
  • Responsible for policy assessment of endpoint and network security appliances, hardware and software, enforcing the TaskUs security policies and complying with requirements of internal and external security audits and recommendations.
  • Serve as audit liaison, compiling all evidence/documentation requests and reporting on the progress of audits to InfoSec and IT leadership.
  • Key administrator for Cloud Access Security Broker policy management; support in the development and implementation of a corporate security compliance awareness program.
  • Develop training and awareness efforts for employees, contractors and visitors - to establish a culture of security to prevent or mitigate security incidents.
  • Conduct research on emerging practices, services, protocols, and standards - in support of system security and compliance enhancement and development efforts.
  • Ensure security compliance with applicable regulations and other state and federal laws, keeping current on US, Philippines and international laws of operating countries, and industry regulations regarding data privacy and security.
  • Assist in the development and maintenance of security operations procedures and processes and work with the business units outside of InfoSec to formally document policies and procedures.
  • Recommend and support the deployment of additional security products and tools, or enhancements to existing tools, to mitigate security risk and detect/remediate compromises.
  • Work with security engineers for the optimal configuration of the network and host-based security platforms, aligned with compliance requirements.
  • Provide Incident Response support, as needed, for information security related events.
  • Participate in the analysis, troubleshooting, and investigation of security-related, information systems anomalies, based on security platform reporting, network traffic, log files, host-based and automated security alerts.
  • Evaluate systems using vulnerability scanners and manual techniques to verify system security settings and configurations. This may include participation in DRP exercises and continuous improvement processes; assisting in the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
Do you have what it takes to become a Security Compliance Analyst?
Requirements:
  • Bachelor's degree in MIS/Computer Science or Business and/or combination of education and relevant experience
  • Must have an industry recognized information security certification, such as CISA, CISM, CISSP, SSCP, CCIE or CEH.
  • At least 5 years' experience, two of which are focused on IT security and/or IT audit
  • In-depth and hands-on experience with at least 2 of the following compliance requirements: PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001
  • Must possess a strong understanding of enterprise, network, system and application level security issues; functional awareness of both Linux-based and MS Windows-based system platforms
  • Has a strong IT technical understanding and aptitude for analytical problem-solving; understand enterprise computing environments, distributed applications, and understanding of TCP/IP networks
  • Previous background working on system hardening processes, tools, guidelines and benchmarks
  • Experience in DLP policy and vulnerability management scanning platforms
  • Experience in Cloud Access Security Broker solutions is a distinct advantage
  • Has knowledge of Business Continuity Management (BCM) and Business Impact Analysis (BIA)
  • Has good Project Management skills with the ability to self-start projects
  • Can handle sensitive and/or confidential material and information with suitable discretion

Taskus

Outsourcing and Offshoring Consulting

New Braunfels Texas
