Security and Compliance Analyst

by Brian Borsa | June 10, 2008
  • Permanent
  • Sherwood, AR
  • Reference: ARK11G
Summary:

This position manages the IT-related risk mitigation projects and programs for the
company and clients.  The main areas of responsibility include information technology
security, regulatory compliance, and business continuity.

Responsibilities:

•Security:
 -Develops and implements IT security policies, standards, procedures, guidelines, 
employee training, and awareness.
 -Reviews the development, testing, and implementation of security plans, products, 
and control techniques.
 -Investigates and recommends appropriate corrective actions for data security incidents.
 -Provides security consulting/project management services on highly complex information 
security projects and issues.
 -Identifies security risks to the organization and ensures that appropriate data security 
procedures and products are implemented.
 -Maintains an awareness of industry security policies and government regulations 
pertaining to information security.
 -Identifies regulatory changes that will affect information security policy, standards, 
and procedures and recommends appropriate changes.
 -Gathers and reviews data from diverse system environments including development, 
testing and production systems. Identifies and assesses the risks presented by the data 
gathered and documents that assessment in a security plan.
 -Provides the lines of business recommendations for mitigating identified risks based on 
accepted policies and practices.
 -Champions the use of sound information security principles across the entire organization.
 
•Compliance:
 
 -Ensures the company is in compliance with all applicable industry regulations.
 -Monitors compliance with defined internal control policies and procedures in relation to 
applicable regulatory and industry requirements to which the business must conform.
 -Performs internal and client audits, reviews, and assessments.
 -Retains all documentation around policies, procedures, audits, and assessments.
 
•Business Continuity/Disaster Recovery: 
 
 -Develops, implements, and maintains the company’s comprehensive Business Continuity
 and Disaster Recovery programs.
 -Provides guidance and coordinates efforts of IT staff members in the development and 
maintenance of disaster recovery procedures and plans for key areas of the organization.
 -Reviews changes in the Disaster Recovery (DR) strategy, and in physical or personnel 
resources to assure the effectiveness of the disaster recovery procedures.
 -Assures documentation required for disaster recovery is properly maintained in the 
Disaster Recovery Planning (DRP) software and in hard copies at designated recovery locations.
 
•General:
 
 -Develops and conducts effective training programs for employees and clients.
 -Facilitates the communication of issues within the areas of responsibility.
 -Keeps informed on best practices, industry changes, and new security threats.
 -Represents the company and is active within local, national, and global industry user 
groups and communities of interest.

Skills Required:

•Must have the skills and abilities to effectively perform the essential duties and
responsibilities laid out within this document.
•Ability to use business acumen to effectively balance the competing demands of risk 
mitigation, cost, and business requirements.

 

Education Requirement:

•Minimum Education: BS in computer science or related field.
•Minimum Experience: 4 years in IT / 2 years in IT Security.
•Preferred Experience: 7+ years in IT / 4+ years in IT Security.
•Preferred Certifications: CISSP, CISA, SANS.
•Experience working with IP networking, networking protocols and understanding 
of security-related technologies including encryption, PKI, VPNs, firewalls, proxy 
services, DNS, electronic mail and access-lists.
•Experience working with Internet, web, application and network security techniques.
•Experience working with relevant operating system security (Windows, Linux, etc.)
•Experience working with leading firewall, network scanning and intrusion detection 
products and authentication technologies.

•Experience with PCI-DSS and PA-DSS preferred.

To apply for this job email your details to brian@cycle3it.com
