87 applicants

This job has closed.

Company

Jenzabar · 19 hours ago

Senior Security Analyst – Risk and Compliance

United States

Full-time

Remote

Senior Level

$80K/yr - $100K/yr

5+ years exp

Maximize your interview chances

CRMEducation

No H1B

Insider Connection @Jenzabar

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead centralized audit and IT compliance support in the facilitation of all audit and other customer assessment requests and remediation efforts. Primary audits currently include SOC 2, PCI-DSS, HECVAT, and TX-RAMP/State-RAMP.

Creating and maintaining IT Governance frameworks, policies, standards and procedures, and response plans.

Drive consistency in the way IT/Security risks are identified, controls are implemented and monitored and share best practices and learnings across the company.

Analyze current IT/Security risks and identify/monitor emerging risks which can affect the company and work with leaders and IT managers to ensure existing and emerging risks are understood and appropriate mitigations are implemented.

Lead IT/Security risk and governance program activities, such as risk assessments, risk exceptions, risk ratings, risk mitigation and remediation recommendations.

Document the company’s remediation efforts for IT/Security risk exposures, gaps, and deficiencies, and complete remediation validation to assess effectiveness of improved controls.

Work with leadership to create, maintain, and present Key Risk and Performance Metrics (KRI/KPI).

Identify and resolve technical, operational, risk management, and organizational challenges.

Collaborate on developing and implementing a centralized audit evidence repository and GRC tools.

Facilitate and oversee training to address identified weaknesses in team member knowledge of requirements, policies, or procedures, and to foster a culture of compliance.

Provide support in documenting technology controls and technological landscape.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

GovernanceRisk ManagementComplianceCISA CertificationCISSP CertificationCISM CertificationRisk AssessmentPolicy DevelopmentProject ManagementCOBITITILISOCOSONISTAudit Reporting

Required

Bachelor’s Degree in Information Technology or Information Security related field.

5+ years of experience working with governance, risk, and compliance within Information Technology and/or Information Security.

Strong project management skills with inherent ability to drive multiple programs, stakeholders, and teams towards organizational goals.

Experience developing frameworks and processes to drive a risk-based approach to incorporating standard frameworks such as COBIT, ITIL, ISO, COSO, and NIST into an enterprise compliance management process.

Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations.

Ability to influence others at senior levels and establish credibility and working relationships with a wide range of corporate personnel, including technical operations, management, and executives as well as internal audit and external regulators.

Capable of establishing and maintaining an effective program structure that emphasizes the coordination of resources across projects, managing deliverables between projects, and the overall costs and risks of the compliance programs.

Experience with the development of formal written reports to communicate audit results and recommendations to management and business stakeholders.

Ability to facilitate productive meetings and work successfully in a team-oriented environment.

Strong ability to handle multiple competing priorities in a fast-paced environment.

Preferred

Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certification preferred.