Holmes Murphy & Associates

Information Security Compliance Analyst

Holmes Murphy & Associates, Waukee, Iowa, United States, 50263


Holmes Murphy has always believed that investing in our employees, the spaces in which they work, and the environment that we provide are all critical to our culture, purpose, and the services we offer. Our Information Technology team is seeking a dedicated Information Security Compliance Analyst to join our dynamic team in Waukee, IA.

This role is integral to supporting our enterprise information security program, including strategy, policies, standards, awareness, and training initiatives. As an Information Security Compliance Analyst, you will play a crucial advisory role, driving improvements that enhance our overall governance program. Your efforts will help enable and protect our business, ensuring robust information security across the organization.

Duties:

Regulatory Compliance Monitoring:

- Thoroughly understand and stay up-to-date with relevant security regulations, laws, and industry standards (e.g., GDPR, HIPAA, PCI DSS, ISO 27001, NIST, etc.).
- Assess the organization's current security posture and identify gaps or areas of non-compliance.
- Develop and implement policies, procedures, and controls to ensure compliance with applicable regulations and standards.

Risk Assessment and Management:

- Conduct risk assessments to identify potential security threats, vulnerabilities, and their associated risks.
- Analyze and prioritize risks based on their likelihood and potential impact.
- Recommend and implement appropriate risk mitigation strategies and controls.

Security Control Implementation and Monitoring:

- Collaborate with various teams (IT, operations, legal, etc.) to design, implement, and maintain security controls.
- Monitor the effectiveness of security controls and ensure they are operating as intended.
- Perform regular audits and assessments to evaluate the organization's compliance posture.

Vendor and Third-Party Risk Management:

- Assess the security posture and compliance of third-party vendors, suppliers, and partners.
- Ensure that appropriate security controls and contractual agreements are in place for third-party relationships.

Documentation and Reporting:

- Maintain comprehensive documentation of compliance activities, assessments, audits, and remediation efforts.
- Prepare and present compliance reports to management, auditors, and regulatory bodies as required.

Continuous Improvement:

- Stay informed about emerging security threats, new regulations, and industry best practices.
- Identify opportunities for improving the organization's security posture and compliance processes.
- Collaborate with cross-functional teams to implement enhancements and drive continuous improvement.

Knowledge, Skills, and Abilities:

- Strong interpersonal and communication skills (oral and written) due to interaction with employees at all levels and need for accuracy in role. Ability to elicit clarity.
- Ability to acquire knowledge of organizational methods and business acumen.
- Understanding of Agile, Waterfall & LEAN methodologies. Knowledge of System Development Life Cycle framework.
- Strong facilitation skills. Ability to run an effective and efficient meeting.
- Strong analytical skills and attention to detail.
- Knowledge of robotic process automation (RPA) and business automation. Familiar with Automation Implementation Methodology. Basic knowledge of how automations are developed with the automation tools, such as UiPath and Power Automate.

Qualifications:

- Associate's or Bachelor's degree in a related area or an equivalent combination of education, training, and experience
- 5+ years relevant experience in Information Security; Experience in compliance, governance, or other security-related field
- CISSP or CISA designation preferred, or willing to obtain within 2 years.

Benefits:

In addition to core benefits like health, dental and vision, also enjoy benefits such as:

- Paid Parental Leave and supportive New Parent Benefits - We know being a working parent is hard, and we want to support our employees in this journey!
- Company paid continuing Education & Tuition Reimbursement - We support those who want to develop and grow.
- 401k Profit Sharing - Each year, Holmes Murphy makes a lump sum contribution to every full-time employee's 401k. This means, even if you're not in a position to set money aside for the future at any point in time, Holmes Murphy will do it on your behalf! We are forward-thinking and want to be sure your future is cared for.
- Generous time off practices in addition to paid holidays - Yes, we actually encourage employees to use their time off, and they do. After all, you can't be at your best for our clients if you're not at your best for yourself first.
- Supportive of community efforts with paid Volunteer time off and employee matching gifts to charities that are important to you - Through our Holmes Murphy Foundation, we offer several vehicles where you can make an impact and care for those around you.
- DE&I programs - Holmes Murphy is committed to celebrating every employee's unique diversity, equity, and inclusion (DE&I) experience with us. Not only do we offer all employees a paid Diversity Day time off option, but we also have a Chief Diversity Officer on hand, as well as a DE&I project team, committee, and interest group. You will have the opportunity to take part in those if you wish!
- Consistent merit increase and promotion opportunities - Annually, employees are reviewed for merit increases and promotion opportunities because we believe growth is important - not only with your financial wellbeing, but also your career wellbeing.
- Discretionary bonus opportunity - Yes, there is an annual opportunity to make more money. Who doesn't love that?!

Holmes Murphy & Associates is an Equal Opportunity Employer.

#LI-RG1 #Onsite