We are looking for an experienced Security Compliance Analyst as a member of the Corporate Information Security team. As a senior member of the Information Security team, this position will play a key role in guiding the organization’s ISO27001 / HITRUST CSF certification program. This role will also lead in identifying/managing risk and ensure compliance with industry standards, relevant laws and regulations, industry best practices, and corporate policies. This position also assists in developing and maintaining internal security and operations framework. This team member will play an integral role in our goal of achieving global certifications. This is a full-time permanent position.

YOU WILL HAVE AN OPPORTUNITY TO: 

• Work with operations staff to achieve compliance with ISO 27001, HITRUST CSF, GDPR and other security standards and regulatory frameworks.


• Conduct risk assessment to information systems and business processes, perform gap-analysis and develop plans for achieving compliance / certification.


• Develop IT policies and procedures, and provide improvement recommendations to current policies and procedures.


• Collaborate with system administrators to ensure that appropriate controls are implemented, operating properly, in accordance with the corporate policies.


• Conduct audit readiness assessments and coordinate with internal and external functions and audit resources.


• Develop, collect and analyze security metrics to determine compliance and risk levels, as well as trends in systems and processes, and make recommendations on improvements and decisions based on information from the metrics.


• Work closely with the Corporate Information Security Team and other business units as required to understand IS related challenges and develop plans aimed at meeting those challenges.


• Respond to requests for information on security compliance from auditors, customers and partners.

WHO YOU ARE:

• Bachelor degree in Information Security/Systems, Computer/Electronic Engineering, Communications Engineering or related field, and 4-5 years of experience in information security, audit, compliance, risk management or related occupation


• Experience in compliance management such as ISO 27001, HITRUST CSF, SOC 2, NIST and GDPR.


• Experience in design and implementation of information security policies and controls


• Knowledge / Experience with core security technologies such as SIEM, firewalls, network and host intrusion prevention and detection systems, proxies, vulnerability scanners, and anti-virus solutions in relation to compliance


• Knowledge/Experience with cloud security management


• Demonstrated ability to understand and interpret audit, as well as compliance/security requirements


• Good to have - knowledge & experience working with privacy laws and regulations (e.g., GDPR, CCPA, HIPAA, PIPL, PDPO, PDPA, etc.) and deploying a Privacy Management Program


• Superior interpersonal and communication skills


• One or more of the following certifications preferred: ISO 27001 LA, CISSP, CCSP, CISA 

#LI-AH1

#LI-Hybrid