Easterseals Southern California
Security Compliance Analyst I
Easterseals Southern California, Irvine, California, United States, 92713
Overview

The Security Compliance Analyst I is responsible for performing risk and compliance tasks and assessments of IT processes and systems. Provides support for information security processes; operates other software to assess vendor security & privacy, provides audit and regulatory support, and produces policy and standards documents. Performs regular access reviews for critical systems. Plays a crucial role in protecting an organization's information systems by identifying and mitigating potential security risks. Maintains the security and integrity of an organization's information systems.

Hiring Range: $66k - 82k / Year

Responsibilities

ESSENTIAL FUNCTIONS:
Assists with the implementation of the corporate information security governance and compliance efforts (e.g., NIST, CIS Controls, SSAE16/SOC, HITRUST, etc.).
Performs internal security and privacy compliance assessments based upon identified controls.
Performs security assessments for third party vendor or partner relationships with the ability to read and assess compliance documents such as SOC2 and HITRUST attestations or certifications.
Assists in developing and implementing security program governance, compliance frameworks, processes, policies, standards, and work instructions.
Provides KPIs, metrics and recurring reports to management.
Participates in the implementation and continuous improvement of the ESSC Security Program.
Participates in Incident Response and Disaster Recovery planning and exercises.
Performs regular access reviews for critical business systems.
Performs other duties as assigned.

Qualifications

EDUCATION:
Security+, CISA, CISSP, CISM or other information security certifications preferred.
Bachelor's Degree: Typically in Information Technology, Business, or a related field is preferred.

EXPERIENCE:
2-5 years of experience in Information Security/Compliance.
Experience with information security, internal & external audits, contract compliance, and quality initiatives.
Experience driving compliance-related activities such as SOC2 readiness & audit support.

KNOWLEDGE, SKILLS, ABILITIES:
Must pass all drug testing required by ESSC and, if required, a post-offer physical evaluation.
Ability to obtain and maintain a criminal record/fingerprint clearance from the Department of Justice and Federal Bureau of Investigation, per Easterseals of Southern California and/or program requirements.
Understanding and application of security best practices, risk management, regulatory, contractual, and relevant statutory requirements (HIPAA, CIS Critical Controls, NIST, ISO 27001/2, SOC2).
Knowledge of applicable laws and practices relating to information privacy and security.
Firm understanding of risk management principles.
Demonstrated knowledge of business software and hardware, knowledge of security related applications, familiarity with ticketing systems, and strong customer service and organizational skills.