Information Security Compliance Analyst (5175)
Glen Allen, VA 23060
Morton has an immediate need for an Information Security Compliance Analyst for a customer located in Richmond, Virginia. The Information Security Compliance Analyst will work in support of our customer's Information Security Program. The Information Security Compliance Analyst ensures that adequate and effective processes and controls are followed and aligned to deliver compliance with security policies, standards, and other legal and regulatory requirements. The Information Security Compliance Analyst assists in verifying the enforcement of corporate, regulatory, and risk management policies and assists in maintaining and publishing policies and standards for the enterprise.
- Ability to assess information security-related compliance risks based on business needs.
- Reviews acquired entities' information security compliance program based on customer's information security framework and provides gap analysis. Ensures gaps are properly documented and closed.
- Support our customer's Information Security Compliance Program, ensuring the identification, tracking, prioritization, and mitigation/remediation of all compliance requirements.
- Work closely with internal and external auditors to coordinate audit timing, control finding remediation, re-testing, and reporting.
- Research regulations by reviewing regulatory bulletins and other sources of information.
- Communicate applicable regulations, policies, and standards and associated controls throughout the organization and ensure those controls are being adhered to.
- Ensure adequate and effective controls exist to meet current and future compliance requirements found in local, state, and federal laws and regulations.
- Develop, support, and maintain a centralized repository of controls aligned with Security and regulatory requirements.
- Partner with other members of the technology team to ensure that adequate controls are considered, evaluated, integrated, and adhered to and that on-going processes are established to maintain acceptable levels of risks.
- Assist in the development and delivery of awareness programs that set the stage for training by changing organizational attitudes to realize the importance of compliance and the adverse consequences of its failure.
- Responsible for tracking key metrics and producing dashboards and reports that assist management with making sound compliance and business decisions.
- Support Sarbanes-Oxley (SOX) testing for security-related controls.
- Track, update, comment on and close issues within JIRA.
- Strong written and oral communication skills.
- Strong organizational and analytical skills.
- Experience with MS Office (particularly Word and Excel) a must.
- Experience with vulnerability and compliance scanning and reporting tools.
- Self-motivated and directed.
- Experience working in a team-oriented, collaborative environment.
- Ability to communicate technical information in a business-friendly manner.
- High aptitude for learning new tools and skills quickly.
- Good technical documentation skills.
- Knowledge of NIST or similar control framework is a plus.
- Knowledge of New York State Department of Financial Services Cybersecurity Regulation (NYDFS Cybersecurity Regulation), Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR) and other security or privacy regulatory guidance is a plus.
- Experience with JIRA is a plus.
- College degree in Information Systems or a relevant field.
- 2 - 5 years of relevant general information technology or IT/security compliance experience required.
- Certifications are a plus.