General Summary

The Security Compliance/Risk Analyst will bring knowledge of and experience with industry laws, regulations, mandates, and industry security best practices, such as PCI DSS standards, NIST Cyber Security Framework, CPNI, PII and other IT security, risk, and compliance-related laws. This individual will support other security compliance and risk initiatives and ensure that the company policies are in line with industry standards and the company’s practices are in compliance with its own policies.

Essential Duties/Responsibilities

• Lead the design, review, and implementation of strategic and tactical security initiatives.
• Identify significant actual and potential cyber security problems, trends, and weaknesses and recommend specific modifications and solutions to reduce information systems security risks
• Provide architectural guidance and facilitate the implementation of security solutions to integrate into existing network environment
• Review requirements and make recommendations on the appropriate infrastructure protection tools, methods, and technologies
• Develop strategies for responding to future security challenges
• Review and update security policies, procedures, and standards, and present them to management for endorsement
• Establish technical or procedural enforcements for pertinent policies within the organization
• Facilitate organizational-wide communications and institute measures to ensure information security awareness and compliance
• Review new and existing applications, systems, networks, and software designs for potential security risks, and resolve integration security issues across disciplines
• Review vendor security practices and ability to comply with company security standards
• Define the scope and level of detail for applicable security plans and policies
• Review, interpret and coordinate implementation of the requirements of ISO/IEC, PCI, SOX, HIPAA and other applicable industry standard policies, mandates, and standards
• Review and further develop plan and methodology for testing and measuring IT compliancy
• Act as a key member of the Incident Response Team, who may be called upon to represent in the investigation of serious cyber security violations that potentially impact the integrity of the infrastructure
• Recommend action for containment and remediation based on findings, and following up to ensure the implementation of corrective actions
• Monitor security infrastructure and tools to insure reliability and integrity of the company’s networks, systems, and applications
• Regular, consistent, and punctual attendance
• Performs other duties as assigned

Job Requirements

• Bachelor’s Degree in Computer Science or a related discipline or an equivalent work experience.
• At least five years of work experience in any of the following: IT Compliance, Internal Audit, IT Audit, External Audit, SOX, HIPAA, PCI, or similar
• Ability to function at all levels of the organization and communicate with all levels of IT, business, vendors, and customers
• Strong understanding of Audit process and methodologies
• Knowledge of IT concepts, strategies and methodologies

• Superior knowledge compliance and regulations – PCI, Sarbanes Oxley, NIST CyberSecurity Framework, CPNI and other applicable industry standards
• Strong working knowledge of MS Office Software (Excel, Access, Word, Outlook, PowerPoint)
• Demonstrated ability to draw critical conclusions from security policy analyses and make persuasive recommendations
• Excellent strategic thinking and planning skills to provide authoritative advice and recommendations to support a best-in-class compliance and risk program
• Excellent interpersonal and relationship management skills
• Excellent verbal and written communication skills
• Ability to establish trust and credibility to build supportive relationships
• Proven ability to identify and solve problems independently

Working Conditions

• Employee remains in the sitting position for prolonged hours. Employee is occasionally required to stand, walk, use hands to handle or feel objects, tools or controls; reach with hands and arms; talk and hear. Employee must occasionally lift and/or move up to 30 pounds without assistance. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.
• Employee will regularly be required to work in tight spaces, under desks, in closets, equipment racks, overhead cable management, ceilings and under raised floors
• Working conditions may include being in an open (shared) cubicle/workspace area

Disclaimer

This job description is not meant to be an all-inclusive statement of every duty and responsibility which will ever be required of an employee in this position, however, the employee will be held responsible for all duties assigned.

Please feel free to review our Benefits at the following link: https://www.risebroadband.com/careers/benefits