Associate Global Security Office

What you'll do

• Perform IT Risk Analysis and Security Assessments including understanding security requirements, identifying potential risks, analyzing and scoring risks, recommending compensating/mitigating controls, and evaluating the company’s previous handling of risks
• Conduct kickoff, status, and closing meetings with stakeholders
• Manage third-party SOC audits as the key liaison for the organization, driving compliance throughout the year and managing the audit with the organization’s third-party auditor
• Drive compliance across frameworks (e.g. NIST CSF, SSAE 18 SOC 1,2,3, PCI, ISO 27001, etc.) as well as internal policies and procedures
• Assist in preparing reports to present to management
• Develop project plans, tracking, and reporting, and drive stakeholders to completion for audit deliverables
• Perform miscellaneous job-related duties as assigned
• Ensure compliance issues are correctly identified, evaluated, investigated and resolved
• Provide consultative services to business areas on the appropriate controls needed to ensure ongoing regulatory compliance
• Conduct periodic reviews of Information Security risk within the policies, procedures and frameworks to identify opportunities for continuous improvement and ensure that the content remains accurate and current
• Execute plans or roadmaps for security service strategy proposed improvements

Requirements

• 4-6 years of industry experience in Governance Risk, and Compliance
• Strong experience and detailed understanding of technology, regulations, and information security or compliance management best practices
• Ability to evaluate and recommend preventative and corrective controls to mitigate risk to the organization
• Understanding of various components of an information security program
• Technical aptitude, with the ability to effectively communicate with a working knowledge of all areas of IT controls
• Strong project management and communication skills (written and oral) with internal stakeholders and external/internal auditors
• Possession of standard certifications in Information Security or Compliance (CISSP, CISA, CISM, CRISC)
• Significant experience in applying SOC audit requirements to business and technical environments
• Strong working expertise with Information Security, Compliance & IT Management Standards; ISO27001, SOC 1 & SOC 2, PCI
• Understanding of technology frameworks, including NIST CSF and ISO 27001
• Proficiency with Microsoft Office software, Excel, Word, PowerPoint, Visio and SharePoint
• Intermediate abilities in Excel, including pivot tables and vlookups
• Experience supporting security controls, compliance and audit activity within a service provider organization
• Understanding of supporting security controls, compliance and audit activity within a service provider organization with multiple technologies and architectures; Windows, Unix/Linux, VMWare, Oracle, SQL, IPS/IDS, DLP, and other security technologies
• Strong understanding of business applications
• Knowledge of network infrastructure
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues
• Advanced written and verbal communication and presentation skills
• Excellent teamwork and client service skills

Tech stack