Compliance & Security Analyst

CSS Tec

This is a Full-time position in Fort Washington, PA posted February 16, 2021.

6 month Contract to Hire

Remote to start, onsite after Covid

Our client is a growing and dynamic health and wellness ecommerce organization, headquartered in the Greater Philadelphia Area.

They are looking to grow their IT Security team by adding a Compliance & Security Analyst.

This is a contract-to-hire role.

They are looking for clients local to the Horsham, PA area.

The role will start 100% remote, but will eventually transition to being an onsite role.

Position Summary:

The Compliance and Security Analyst is responsible for developing, implementing and administering plans, policies, techniques, and services ensuring ongoing compliance and security of company information resources.

They will support all information technology assessments and/or audits (PCI/SOX/other) of organizational automated systems and processes, interpret results, and develop and communicate recommendations for improvement to management.

Participate in review, development and maintenance of security policies.

They will perform and manage Supplier Risk Assessments.

This individual will recommend controls and monitor the effectiveness of the controls after implementation.

They will be responsible for updating security plans resulting from application changes or hardware, software, or network modifications.

They will make recommendations and obtain approval for security standards or software and the assignment of levels of controls.

They are responsible for testing newly implemented security controls and procedures as implemented within the company.

Provides security training and awareness delivery.

This position will perform a security advocacy role and act as a liaison with business units for issues related to information security and ongoing compliance maintenance.

Essential Duties and Responsibilities:

Other duties may be assigned.

Achieves compliance for PCI and SOX by coordinating and managing the actions of teams across the organization and being the primary liaison between internal/external auditors and all business stakeholders.

Identify and document security vulnerabilities and weaknesses in the environment such as unauthorized access potential, non-compliance with defined standards, etc.

Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization.

Develop and/or maintain expertise in identifying security risks in the hardware, software, and systems used by the organization.

Develop risk/vulnerability assessment programs and questionnaires to identify and/or address identified security risks.

Perform and/or respond to information technology assessments, penetration tests, and/or audits of organizational automated systems and processes, interpret results, and develop and communicate recommendations for improvement to management.

Provide security awareness training to organization employees.

Administer and manage Security Awareness Training Program (research and update content, rollout, employee training participation verification, reporting on hosted LMS).

Perform and manage an internal Continuous Compliance Monitoring Program.

Lead coordination of any IT security related incidents and be the point of escalation for enterprise security incidents.

Assist with incident response through the life cycle, including follow up with lessons learned and remediation measures to prevent similar future incidents.

Develop, maintain, report on security program metrics to measure program effectiveness.

Perform and manage Supplier Risk Assessments.

Review and verify security patch processes to ensure critical patches are applied to systems properly and work with system owners to remediate.

Performs product evaluations, recommends and implements enterprise security products/services.

Validates and tests security architecture and design solutions to recommended vendor technologies.

Provide reporting metrics/create and maintain dashboards for department functions.

Proficient in the use of Word, Excel, Project and Visio.

Assist manager/director in planning, time budgeting and scheduling work for completion.

Participate in opportunities that enhance personal and professional growth and the accomplishment of career objectives through continuing education, seminars and participation in field-related professional organizations.

Accountable for execution of assigned tasks from start to finish, while fully leveraging the disciplines expected of a compliance and security analyst role according to department standards, procedures and processes.

Stay current with emerging issues affecting the Cybersecurity profession.

Qualifications and Required Skills:

2-5 years' experience in Information Security is desired, preferably in Ecommerce/Retail environments.

Strong experience with IT security standards and best practice frameworks (like ISO 27001/27002, NIST, ITIL, PCI, SOX, HIPAA, FISMA, etc.).

Ability to work with subject matter experts, vendors, and 3rd party MSSP to coordinate activities to complete compliance/security related projects or tasks in a timely manner.

Knowledge of hardening concepts and audit for Unix, Linux, Windows servers and desktop systems.

Knowledge of common application vulnerabilities, current threat vectors and mitigations.

Knowledge of IP protocols, networks, security architectures and security threats.

Experience with network and application vulnerability scanners (like Nessus, Nmap, AppScan, Burp, OWASP ZAP).

Experience with GRC tools.

Experience with IP networking, network routing protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, WAF devices, proxy services, DNS, email, Active Directory, LDAP, and access-lists.

Knowledge of internet and web application security techniques (like SANS, OWASP).

A Bachelor's degree in Computer Science, Information Security Management, Engineering or equivalent is required.

Security certifications like CISA, CISSP are highly desirable.

– provided by Dice, by Jobble