Infinity Consulting Solutions

Security Compliance Analyst

Infinity Consulting Solutions, Tempe, Arizona, US, 85285


We have partnered with our client in their search for a Security Compliance Analyst.

The Security Compliance Analyst's primary responsibility is to coordinate and support governance and security efforts in collaboration with other key stakeholders across the Organization. Responsibilities will include cross-functional coordination of the governance and security aspects of work and systems that relate to the delivery of financial services, including the Organization's investment offices and support departments. This position will help identify and operationalize risk management initiatives and standards that need to be applied to the operating environment. Key functional areas of the position include initiatives governing the Organization's client and administrative data / information in accordance with ethical, legal, and contractual requirements.

Responsibilities:

Risk Management:

Assist with risk assessments and audits to identify compliance issues

Review client Information Security requirements and questionnaires and prepare responses

Support the development and maintenance of a third-party vendor risk management program

Maintain a control matrix, mapping NIST CSF 2.0 controls frameworks to client and Organizational requirements

Develop, maintain, evaluate, and implement policies and procedures in line with both business requirements and national and international legislative and regulatory changes (i.e., ISO 27001/22301, HIPAA, NIST, FFIEC, CIS 18)

Maintain an inventory of security improvement opportunities and action items

Prepare periodic reports on cyber security trends and compliance areas as well as communicate gap areas

Maintain governance and security compliance inventories such as client security notification requirements

Review and track ad-hoc client notifications and requests related to Information Security (e.g., vulnerability notifications, ad-hoc control validation requests)

Collaborate with IT on implementation of security controls required by clients, such as access restrictions, data protections, and vendor management requirements.

Information Security Management:

Assist with general Information Security program improvements (e.g., awareness communication, projects)

Prepare status reports on security risks and mitigations

Collaborate with Legal/General Counsel to ensure security awareness training addresses current trends in the security environment

Assist with security and risk management audits, assessments, and mitigation plans

Assist with security and risk management documentation, including policies, procedures, and risk management tracking

Assist with security risk management programs such as access management, third party vendor management, vulnerability management, business continuity, data protection, and risk governance

Assist with Third-Party Risk Management (TPRM) program; enhance vendor and cloud service provider inventories, collect risk artifacts such as SOC2 reports

Review, track and follow up on identified vendor risks, helping with continuous TPRM program strength

Other duties as assigned, based on the ongoing evolution of the Information Security program

Education, Experience and Qualifications

A minimum of 3 years' experience of progressively responsible technical system experience in an Information Security or Security Compliance role with strong emphasis on security-related functions.

Combination of relevant education and relevant experience acceptable.

Financial Services and/or Investment Management experience preferred.

Understanding of Information Security controls, governance principles and standards/frameworks such as NIST CSF, ISO 27001, NIST 800-53, HIPAA, CIS 18.

CISSP or CISM certifications preferred

Strong written and oral communication skills

Ability to prioritize and work effectively under deadlines

Ability to work both independently and in a team-oriented, collaborative environment

Abilities

Contribute to Team Success: Actively participates as a member of a team to move forward towards the completion of team goals

Building Partnerships: Identifies opportunities and builds strategic relationships between one's area and other areas/departments within the Organization to help achieve business goals.

Communicate: Clearly conveys information and ideas through a variety of methods in a manner that engages the audience and helps them understand and retain the message.

Collaboration: Works effectively and cooperatively with others; establishes and maintains good working relationships

Customer Focus: Ensures that the client perspective is a driving force behind decisions and activities

Decision Making: Identifies and understands issues, problems, and opportunities; takes action that is consistent with available facts, constraints, and probable consequences.

Technical/Professional Knowledge and Skills: Has achieved a satisfactory level of technical and professional skills or knowledge in position-related areas; keeps up with current developments and trends in areas of expertise.

Manages Conflict: Deals effectively with others during times of stress; uses appropriate interpersonal styles and methods to reduce tension or conflict between two or more people.

Title: Security Compliance Analyst

Location: Remote

Client Industry: Financial Services

Compensation: $60-75/hour
