IT COMPLIANCE ANALYST
Job Description
- Req#: 27720
Role Title: IT Compliance Analyst (100% remote)
Client: Follett Higher Education
Location: 100% remote
Duration: 6-month contract with possible extension
Technologies/Skills Required (Top 3):
PCI Compliance
Risk Management
Governance
Big 4 Public Accounting Firm
Specific Outcome This Position Will Produce: Our client is currently seeking an IT Compliance Analyst to assist in the development, implementation, and operations of the governance, risk, and compliance function within the organization.
Job Description:
Position Overview
The IT Compliance Analyst is to assist in the development, implementation and operations of the governance, risk, and compliance function within the organization. The candidate will be responsible for establishing and maintaining policies, standards, and control objectives and for advising on the development of security controls. The candidate will assist in establishing, measuring, and communicating information security metrics regarding the effectiveness of the overall information security program. This includes the development and monitoring of key risk indicators and key performance indicators both for operational and executive leadership stakeholders. This role will coordinate with regulators, auditors, and internal stakeholders to ensure the organizational GRC objectives are being met.
Information Security Governance: 50%
Creates, maintains, and socializes security policies, standards, and control objectives for the enterprise.
Maintains a portfolio of information security metrics and reporting, specifically to monitor risk, risk reduction, and security program operational effectiveness. The consumers for this reporting are operational and executive leadership.
Report on security awareness training, phishing exercises, security training for development teams, and other security-specific training efforts.
Risk & Compliance: 50%
Assists in coordinating annual PCI certification activities.
Establishes, implements, and monitors compliance with security controls; communicates and tracks resolution of security exposures, misuse, and/or noncompliance situations; escalates as appropriate to senior leadership.
Assists in coordinating security assessments of internal- and external-facing information services; guides compliance with Follett policy and customer requirements.
Assists with the third-party risk management activity, including performing security reviews for third-party contracts involving Follett data or systems. Assists in the response to security questionnaires, RFP responses, audits, contract reviews, and associated activity.
Performs information security risk assessments of vendors, contracted services, and other third-party service providers and facilitates risk assessments for new business ventures.
Conducts risk assessments of information systems, which includes creating asset profiles, evaluating threat likelihood and impact, and identifying mitigating controls to determine inherent and residual risk to systems.
Provides GRC-specific guidance regarding security best practices to internal stakeholders.
Maintains the execution of, and reports on security awareness training, phishing exercises, and security education throughout the enterprise.
Related Experience:
• Bachelor's degree or equivalent - Computer Science, Information Systems or related discipline OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience.
• 3-5 years of related experience in Information Security Governance, Risk & Compliance.
• Strong written and oral communication skills and the ability to engage positively with the business community and IT management, staff, and customers.
• Experience with regulatory obligations and frameworks (PCI-DSS, NIST-CSF, COBIT, etc.).
• Strong understanding of risk management principles and the ability to identify and remediate control gaps.
• Ability to relate business requirements and risks to technology implementation for security-related issues.
• Extensive knowledge of risk assessment processes and how to assess a functional area, apply policy and standards and monitor for compliance and effectiveness.
• Experience performing or participating in security maturity assessments and subsequent remediation activities is highly desired.
• Experience creating metrics dashboards or reports to monitor security program effectiveness is specifically required.
• Decisive, highly motivated with a strong customer focus and attention to detail. Strong analytical and problem-solving skills. Solid project management skills, especially in a cross-functional environment.
• Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people.
• Previous experience working with third-party providers.
• Extensive experience creating and maintaining policies, standards, and control objectives for information security programs.
• Standard working hours, 8 am-5 pm, with on-call status 24/7.