200+ applicants

Company

LanguageLine Solutions · 2 days ago

Technology Audit and Compliance Analyst

United States

Full-time

Remote

Entry, Mid Level

$90K/yr - $105K/yr

2+ years exp

Maximize your interview chances

Language LearningNatural Language Processing

Insider Connection @LanguageLine Solutions

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Oversee programs, policies, and practices to ensure Language Line Solutions (LanguageLine Interpretation Services) complies with the Sarbanes-Oxley Act (SOX), SSAE16 SOC2, ISO27001, HITRUST, and customer audits related to the Information Services function.

Manage the development and testing of internal controls, reporting, and the identification of process deficiencies and improvements.

Responsible for security policy development, managing exceptions, promoting security awareness, conducting vendor risk assessments, monitoring cyber security, and addressing vulnerabilities related to CrowdStrike (EDR), Fortra, Qualys, and Kroll vulnerability and penetration testing results

Support LLS’ Quality Management System (QMS) to continually improve the Division’s processes, procedures, and services and thereby increase efficiency, productivity, effectiveness, and customer satisfaction.

Identify areas for improvement in Technology control environments across LanguageLine Interpretation Services, LanguageLine Translation Services, Fluent, and LanguageLine UK Services.

Lead testing of Technology controls for SOX, SSAE16 SOC2, PCI, ISO27001, and HITRUST on a monthly, quarterly, and annual basis.

Develop, maintain, and publish up-to-date Information Security Policies.

Seek automation opportunities and efficiencies in current controls for internal operations at LanguageLine Interpretation Services, LanguageLine Translation Services, Fluent, LanguageLine UK Services, and key vendors.

Serve as a key liaison between Technology & Risk Management and business units.

Align technology and business goals, securing support for technology control and security initiatives.

Actively contribute to and manage a variety of security projects for both internal and external customers.

Act as a Technology Subject Matter Expert (SME) for external technology audits and assessments.

Serve as an SME for Technology Security and Awareness programs for internal and external customers.

Evaluate information technology general controls (ITGC) related to information security, systems development life cycle (SDLC), change management, data center/physical security, data backup and recovery, computer operations, and associated risk exposures.

Lead vulnerability and penetration testing, including for internal/external networks and Over-The-Phone, Video, and Document Translation applications.

Actively monitor emerging threats using available alerting services and follow the incident response process as needed.

Support tier 1, tier 2, and tier 3 initiatives.

Support our vendor management and audit program.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Information systems complianceTechnology SOX complianceVulnerability assessmentActive DirectoryCyber securityISO27001HITRUSTSSAE16 SOC2Windows ServerLinuxHIPAANIST 800-53Incident managementChange managementTechnical scanningEmerging technologiesArtificial Intelligence (AI)Remote access technology

Required

2-3 years of experience in information technology, including knowledge and application of information systems compliance and controls.

2-3 years of experience with underlying technologies such as networking, Active Directory, Windows Server, and Linux.

1-2 years of experience in a compliance-focused role, or equivalent.

1-2 years of experience with Technology SOX, SSAE16 SOC2, ISO27001, and HITRUST.

Experience auditing general controls related to logical and physical access, permission sets, password configurations, change management, and incident management.

Strong proficiency in the logical security of Active Directory and remote access technology.

Demonstrated ability to research, learn, and apply new and emerging technologies, with a solid understanding of state-of-the-art and emerging technology compliance, cyber security threats, Artificial Intelligence (AI), technology trends, vendors, and products.

Knowledge of HIPAA, PCI, NIST 800-53, HITRUST, ISO27001, and SSAE16 SOC2 requirements.

Ability to perform technical scans for infrastructure vulnerabilities using commercially available tools and follow patching and incident management processes as needed.

Experience creating patching service requests and tracking remediation efforts.

Must be capable of handling confidential or sensitive matters with professionalism.