IT Security Compliance Analyst
At Five Rivers IT, we build and service reliable IT infrastructures for midsized businesses. Five Rivers IT has been growing at a consistent rate of 30% a year for the last 3 years.
We are in search of an IT Security Compliance Analyst to join the dynamic team of professionals providing world-class IT services to its clients in the NYC metro area. This is a great opportunity for a self-starter with a proven track record to develop, implement, and support various initiatives in the area of governance, risk and compliance.
Responsibilities:
- Maintain proactive ongoing compliance by utilizing GRC compliance tool to perform periodic security tasks and checks.
- Establish and manage Written Information Security Policies (WISP) ensuring a formal, defined, and consistent process for managing information security
- Perform Gap Assessment against established policy
- Liaison with Engineering/IT by coordinating requests for information and coordinating responses to any observations.
- Monitor and analyze security systems to identify irregularities that can lead to potential threats.
- Responsible for Incident Management, be readily available for: Incident documentation, ensure risk analysis and severity, manage containment, lead investigation, ensure proper notification protocol, conduct & document lessons learnt, Report on findings and to then communicate them to the client.
- Conduct Vulnerability Management Program.
- Support and monitor remediation efforts of audit findings and validate the closure by reviewing relevant evidence.
- Provide actionable, technical advice to engineers to enhance security control design & effectiveness (including for cloud environments)
Required Qualifications:
- Bachelor's in Computer Science, Computer Engineering, Information Systems or related field or equivalent work experience
- Up to 2 years of experience managing Information Security audits (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA)
- Experience implementing security techniques, practices, and controls that can be applied to address risks
- Experience operating as part of an Information security program in alignment with common information technology management frameworks such as ISO 27001, NIST, CIS, ITIL, COBIT, etc.
- Strong written and verbal communication skills
- Strong program management skills
- Experience working closely with auditors and/or external regulators
- Experience managing security tools
Preferred Qualifications:
- Experience with Audit Management tools
- Security certification e.g. Security+, Network +, A+ etc.
- Prior experience leading or managing security audits at a SaaS/Cloud company or as a Security Auditor at an audit firm
- Systems Admin or Network Admin experience implementing security controls
Other Details About The Job
- This job requires working for multiple clients across multiple environments in a managed services setting.
- This is a Full-Time position.
- This role is a hybrid role with a minimum of 3 days in office but may require up to 5 days.
- All standard benefits are included such as medical/dental/vision insurance and vacation time.
- We encourage and reward professional certifications.
Please send your resume with the expected salary. Applications lacking expected salary will not be considered.
Powered by JazzHR
0oTnyynf7D
