Security & Compliance Analyst - Stealth Technology Company
Jersey City, New Jersey, United States

Listing Description

Overview:
Our innovative and growing company is seeking an experienced Security Compliance Analyst to join our growing team!

This role will report to our Chief Security Officer and will establish strong relationships across the organization. This role is critical in representing our Security and Compliance while we rapidly expand our global enterprise customer & candidate base.

The ideal candidate will have significant and current experience in PCI security and auditing, experience supporting audit compliance programs, and exposure to information security in a SaaS environment. Communication skills will be absolutely critical to success.


Job Summary:
As our Security & Compliance Analyst, you will participate in security projects involving Corporate Security as needed, such as participating in compliance and risk meetings and reviewing vendor assessments for security requirements. The role calls for significant and current experience directly executing 2 or more SOC2, ISO 27001, FedRAMP, and/or PCI/HIPAA audits, resulting in successful accreditations/attestations.


Duties/Responsibilities:



  • Plan, execute and lead security audits across an organization related to SOC2, PCI, HIPAA, and other compliance initiatives

  • Highlighting shortcomings in the operation of platform security and compliance processes and ensuring they are appropriately addressed

  • Coordinate efforts for internal and external audits

  • Develop, review, prepare and analyze compliance and assessment documents

  • Conduct periodic reviews/audits of systems to ensure adherence to current procedures and policies by all areas within the firm

  • Work with business units and IT support staff to design remediation where deficiencies are identified

  • Work with outside consultants as appropriate for independent security audits and/or testing

  • Researching industry compliance regulations and policies

  • Evaluating internal operational and procedural compliance

  • Analyzing and updating existing compliance policies and related documentation

  • Communicating compliance policies and guidelines to Management and designated departments

  • Developing and executing new compliance policies and procedures as required

  • Applying for compliance certification and regulatory approval

  • Developing and maintaining a compliance recordkeeping system

  • Training employees on industry compliance requirements

  • Maintaining communication with compliance regulators and following up on applications

  • Keeping up with compliance requirements and amendments to regulations


Required Skills/Abilities:



  • To support the definition, implementation and assessment of policies and processes as per the requirements of ISO 27001, PCI-DSS, SOC1 and SOC 2

  • To define and implement all the controls required by ISO 27001, PCI-DSS, SOC1 and SOC 2

  • Perform risk assessment and mitigation planning

  • Conduct internal assessments/internal audits in alignment with the requirements of international standards (ISO 27001, PCI-DSS, SOC1 and SOC 2)

  • Findings/gap closure

  • Coordinate with all stakeholders to ensure they are prepared to face the external audit and ensure the findings are closed on a timely basis to help achieve certification within the targeted timeline

  • Certifications: ISO 27001, PCI-DSS, SOC1 and SOC 2 are preferable

  • 4+ years of relevant experience


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


