We are looking for an experienced Senior Security Compliance Analyst for the Information Technology Services team. This role ensures that the client meets local and global security compliance requirements, that newly implemented systems are properly secured, and that any potential risks are raised to management in a timely manner.
What you will do:
The Senior Security Compliance Analyst will comprehend applicable compliance requirements (ISO27001, 27017, 27018, NIST 800-53 rev 4, SOC2, Cloud Alliance), effectively interpret and communicate them to internal teams, and execute efforts to produce actionable plans.
The role will be responsible for coordinating third-party and internal audits (SOC2, ISO27001, 27017-018, client, vendor and internal audits) by working collaboratively with internal teams, SMEs, and other key stakeholders.
This role will also work alongside the Senior Manager of Information Security team on client queries, contract reviews and questionnaires from clients.
What is the experience requirement:
Strong knowledge and understanding of security industry practices and standards, specifically familiarity with ISO 27001, 27017-18, NIST 800-53 rev 4 and SOC2 (Type 1 & 2).
Quality experience in conducting cloud security compliance reviews (Azure, AWS, O365).
Proficient in designing audit risk treatment plans, including following up on action plans.
Experience in responding to Requests for Information (RFIs) and Security Due Diligence Questionnaires (DDQs) from prospective clients regarding Information Security.
Mastery of Security contract process and language specific to the security program.
Excellent oral and written communication skills.
What you bring to the role:
6+ years of solid experience and knowledge in Security Compliance, Governance and Risk Management.
Bachelor’s or Master's degree in Information Technology, Computer Science or related work experience, or equivalent.
Previous security experience in an internal or consultancy role collaborating with internal ITS teams as well as business teams.
The ideal candidate will maintain one or more of the following certifications