Information Security Risk and Compliance

Job Description

Multiple Information Security Risk and Compliance Positions are available.

• Entry-level to mid-senior level
• Internship, Part-Time, Full Time

We are seeking to hire multiple Information Security, Risk, and Compliance professionals to work with our customers on risk assessment, compliance, and cybersecurity projects.  As part of project delivery teams, these professionals are responsible for the execution, monitoring, and enforcement of the information security governance, risk management, and compliance projects.  The successful candidate will oversee day to day execution of operational information security risk and compliance initiatives at PurpleBox and/or our clients. 

Responsibilities:

• Manage and execute the day-to-day information security risk and compliance operational activities
• Develop and recommend appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization
• Identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
• Communicate regularly with teams and staff as part of risk assessments, follow-up on open issues, status tracking, and other miscellaneous items.
• Independently design, recommend, plan, develop, and support implementation of project-specific security solutions to meet requirements
• Manage remediation of identified risks and vulnerabilities; identify those within the organization responsible for remediation tasks; track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to all constituents
• Provides regular reporting metrics on the current state of the program.
• Other duties as assigned

Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Business Administration, or related field 
• Experience in information security risk assessment, compliance and/or security operations
• Previous experience in one or more of the areas below is a plus:
• --- IT Security Strategy and Management
• --- Risk Management, IT Audit, and Compliance
• --- Network, System, Database administration, support and/or help-desk experience
• --- Application Security, Software Development
• --- Security Monitoring, Data Loss Prevention, Incident Response
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences. 
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Working knowledge of relevant security regulations, standards and frameworks, including SOC2, ISO27000, PCI, HIPAA, and NIST CSF.

Professional certifications such as CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor) or other similar credential is a plus.