Security & Compliance Assessment Analyst
Hybrid-Remote/ FULL-TIME
Summary
The incumbent coordinates and performs security assessment functions and control testing reporting and activities in accordance with Internal Controls compliance, regulatory and departmental policy and procedures. The Analyst updates and maintains control matrices and spreadsheets and provides recommendations for management’s consideration. This position ensures compliance with PCI, HIPAA, GDPR, PII, internal controls, regulatory and information security policies and procedures. The incumbent works with internal audit, external audit firms, and regulatory agencies to provide supportive documentation as applicable. The Security Assessment Analyst takes a lead role in ensuring the security of all protected information collected, used, maintained, or released the organization.
Key Responsibilities
Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances College business objectives.
Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves PCC’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
Key Skills
A four-year college degree or equivalent industry training and certifications.
1-year experience in a security analyst or related position.
Technical knowledge of enterprise-class technologies such as firewalls, routers, switches, wireless access points, VPNs, and desktop and server operating systems.
Thorough understanding of cloud technology (AWS, Azure, Active Directory, SQL, Office365, and the Windows server and desktop operating systems.
Proficiency with Windows PowerShell, CMD line, etc.
Linux is a plus
Certifications such as Security+, AWS SAA, Cyberframeworks,
Understanding and enforcing security and compliance frameworks such as NIST, Cobit, and ISO.
