Information Security Compliance Analyst bei None

POSITION PURPOSE

The Information Security Compliance Analyst plays a pivotal role in safeguarding the organization’s information assets by leading compliance initiatives, managing vendor and client security assessments, and supporting incident response efforts. This position ensures alignment with industry standards such as ISO27001, SOC 2, PCI DSS, and GDPR, while maintaining robust governance frameworks and security policies. The analyst collaborates cross-functionally to enhance security operations, drive continuous improvement, and uphold regulatory compliance across ITA Group’s systems and third-party relationships.

ACCOUNTABILITIES & PERFORMANCE EXPECTATIONS

Security Operations & Compliance

• Lead client and vendor security assessments, including third-party reviews, risk assessments, and questionnaire responses.
• Build and manage workflows for vendor assessments and due diligence.
• Oversee compliance audits (SOC2, PCI, ISO27001, TruSight), including evidence collection and process optimization.
• Support the Information Systems Incident Response Team (ISIRT) during security events.
• Assist in developing requirements for security tools and operational procedures.
• Evaluate and recommend emerging security technologies and products.
• Provide off-hours support on a rotating and as-needed basis.
• Coordinate with external suppliers to resolve security incidents.

Systems & Tools Management

• Administer and monitor various security tools to ensure optimal performance and coverage.

Audit & Incident Management

• Conduct quarterly audits of systems in scope for compliance.
• Maintain incident logs and ensure readiness for ISO27001 certification.
• Investigate and remediate Microsoft Security alerts.

Compliance Certifications

• Collaborate with Legal to support privacy regulations and ensure compliance with GDPR and other frameworks.

Governance Management

• Develop and implement Data Loss Prevention (DLP) rules for sensitive document handling.
• Enhance Insider Threat Protection capabilities.
• Maintain and update InfoSec policies and procedures.
• Provide organization-wide coaching and mentorship on security policies.
• Ensure regulatory and compliance requirements are consistently met.
• Establish and maintain a security framework and auditing process.
• Manage security questionnaires and third-party data security risk assessments.
• Analyze and investigate security anomalies using platform reports, logs, and alerts.

POSITION REQUIREMENTS

• Bachelor’s degree in computer science, information technology, or equivalent experience.
• Eight or more years’ experience in information technology support with at least five years of experience in system administration and system design.
• Security certification such as CISSP, CISA, or CISM are required. Technical certifications in Cisco and Microsoft products is preferred.
• Excellent communication and documentation skills.
• Strong experience with ISO27001, SOC 2, PCI DSS 4.x, GDPR, and other regulatory frameworks and privacy regulations.
• Ability to demonstrate ownership of systems and drive the technology forward to the goals of the company.   Direct involvement in the annual planning and budgeting process for Information Technology.
• Strong communication skills and the ability to interact with other systems personnel in a team environment.
• Ability to maintain confidentiality pertaining to nonpublic business, financial, personnel, salary, and technological information, plans or data.
• Ability to think analytically to solve technical problems individually and in a team environment.
• Ability to effectively plan, schedule and coordinate projects and meet deadlines, managing multiple project concurrently.
• Ability to analyze and communicate technology performance results.  Specific experience working with our current primary technology and software preferred.
• Ability to listen, understand and respond to external and internal customers’ needs in a timely manner; customer service experience in a service-related industry preferred.
• Ability to work the time necessary to complete projects and/or meet deadlines.