Security and Compliance Analyst

Security and Compliance Analyst

by Brian Borsa|June 10, 2008
  • Permanent
  • Sherwood, AR
  • Reference: ARK11G

This position manages the IT related risk mitigation projects and programs for the
company and clients.  The main areas of responsibility include information technology

security, regulatory compliance, and business continuity. 


 -Develops and implements IT security policies, standards, procedures, guidelines, 
employee training, and awareness.
 -Reviews the development, testing, and implementation of security plans, products, 
and control techniques.
 -Investigates and recommends appropriate corrective actions for data security incidents.
 -Provides security consulting/project management services on highly complex information 
security projects and issues.
 -Identifies security risks to the organization and ensures that appropriate data security 
procedures and products are implemented.
 -Maintains an awareness of industry security policies and government regulations 
pertaining to information security.
 -Identifies regulatory changes that will affect information security policy, standards, 
and procedures and recommends appropriate changes.
 -Gathers and reviews data from diverse system environments including development, 
testing and production systems. Identifies and assesses the risks presented by the data 
gathered and documents that assessment in a security plan.
 -Provides the lines of business recommendations for mitigating identified risks based on 
accepted policies and practices.
 -Champions the use of sound information security principles across the entire organization.
 -Ensures the company is in compliance with all applicable industry regulations.
 -Monitors compliance with defined internal control policies and procedures in relation to 
applicable regulatory and industry requirements to which the business must conform.
 -Performs internal and client audits, reviews, and assessments.
 -Retains all documentation around policies, procedures, audits, and assessments.
•Business Continuity/Disaster Recovery: 
 -Develops, implements, and maintains the company’s comprehensive Business Continuity
 and Disaster Recovery programs.
 -Provides guidance and coordinates efforts of IT staff members in the development and 
maintenance of disaster recovery procedures and plans for key areas of the organization.
 -Reviews changes in the Disaster Recovery (DR) strategy, and in physical or personnel 
resources to assure the effectiveness of the disaster recovery procedures.
 -Assures documentation required for disaster recovery is properly maintained in the 
Disaster Recovery Planning (DRP) software and in hard copies at designated recovery locations.
 -Develops and conducts effective training programs for employees and clients.
 -Facilitates the communication of issues within the areas of responsibility.
 -Keeps informed on best practices, industry changes, and new security threats.
 -Represents the company and is active within local, national, and global industry users 

groups and communities of interest. 

Skills Required:

•Must have the skills and abilities to effectively perform the essential duties and
responsibilities laid out within this document.
•Ability to use business acumen to effectively balance the competing demands of risk 
mitigation, cost, and business requirements.


Education Requirement:

•Minimum Education: BS in computer science or related field.
•Minimum Experience: 4 years in IT / 2 years in IT Security.
•Preferred Experience: 7+ years in IT / 4+ years in IT Security.
•Preferred Certifications: CISSP, CISA, SANS.
•Experience working with IP networking, networking protocols and understanding 
of security related technologies including encryption, PKI, VPNs, firewalls, proxy 
services, DNS, electronic mail and access-lists.
•Experience working with Internet, web, application and network security techniques.
•Experience working with relevant operating system security (Windows, Linux, etc.)
•Experience working with leading firewall, network scanning and intrusion detection 
products and authentication technologies.

•Experience with PCI-DSS and PA-DSS preferred.

To apply for this job email your details to brian@cycle3it.com

Choose a style:

Purchase Now!