Compliance Analyst III

Responsibilities:

• Assist in conducting enterprise-wide, ongoing risk analysis in tandem with compliance and internal audit.
• Support the development and maturing of mandatory documentation (SSP Packages and supporting documents)
• Support continuous monitoring efforts and maintain POA&Ms (Plan of action and milestones) include control and vulnerability management.
• Support Federal Compliance Assessments - Liaison with auditors and accreditation
• Support customer risk assessments, audits and evidence collection.
• Assist in the development and maintenance of the  Information Security Risk Register 
• Monitor control effectiveness and escalates where issues are identified
• Contribute and co-manages KPI programs including monitoring and metrics
• Contribute to security requirement documentation packages 
• Assist in development and maintenance of Information Security control mappings to defined frameworks
• Ensures risk treatment plans are appropriately communicated and tracked to the proper level of management
• Perform Technology and Information Security risk assessments
• Collaborate with Internal Audit and other assessors on Audits for Technology
• Work closely with cross functional teams to address control maturity or issues
• Review and provide feedback on other members work and documentation
• General knowledge of security technologies and approaches to secure an organization.
• General knowledge of risk management and how to use risk management in a security program.
•  

Requirements:

• A minimum of four (4) years’ experience in Information Security and/or Technology.
• Must have knowledge and experience in managing GRC tools.
• Must be highly analytical with the ability to present your analysis
• Must have great written and verbal communication
• Must have experience in performing risk assessments.
• Must have experience in maintaining metrics and measures.
• Must have experience in supporting customer audits
• Must have experience working with software engineering teams in an agile environment
• Prefer candidates with critical technical and IT security certifications, such as CISSP, CISM, CISA or equivalent.
• US Citizen

Preferred Requirements: 

• Experience in performing risk assessments
• Experience with vulnerability management tools and vulnerability risk analysis
• Experience with US federal programs and frameworks (FedRAMP, FISMA, NIST, etc) and POA&M management. 
• General understanding of Cloud technologies
• General understanding of meeting multiple federal and industry compliance frameworks such as FedRAMP, PBMM, iRAP, ISMAP, ISO 27001, SSAE-18 SOC2, CSA STAR, HIPAA, PCI-DSS, etc. 

Additional Skills:

• Ability to be an active member of a team
• Ability to communicate effectively (written and verbal) 
• Self-motivated to work on tasks independently within the team 
• Ability to educate other members of the on existing processes and technologies
• Adds to the diversity (gender, religion, race) of the team
• Self and quick learner
• Ability to ask questions
• Knowledgeable pertaining to news and current events.

Education:

• Bachelor’s degree/University degree or equivalent experience

#LI-SC1