
Information Security Analyst at DCM Services

DCM Services · Bloomington, United States of America · Onsite

$70,000.00  -  $90,000.00


Description

Make your next move your best move!

DCM Services provides specialized receivable solutions to our clients. Our culture is what sets us apart from other competitors in the industry. We also stress the importance of a healthy work-life balance. The well-being of our employees comes first.


The Information Security Analyst is responsible for assisting in the development, implementation, and certification of an Information Security Management System (InfoSec Program) based on ISO27001/2 standards by performing various documentation tasks that define how the program operates.

Requirements

Essential Job Functions: 

  • Manage, review, and reconcile various events and access levels, gather metrics for all scorecard processes, review control implementations to improve the program(s) or remediate audit findings, and provide responses to auditors/questionnaires concerning the Company’s information security posture.
  • Assist with managing the InfoSec program document lifecycle so that program documentation reflects the relevant controls in place to mitigate risks. 
  • Manage tickets to track new hire access setups, changes, and access revocation. 
  • Ensure the organization’s Profile Definition Matrix is kept current to reflect changing business needs. 
  • Ensure that the Annual/New Hire Policy and Security Training Slides are reviewed and updated prior to the annual training period. 
  • Conduct a monthly phishing test, summarize results, and offer suggestions to reduce the risk.
  • Ensure annual Operations Support and Accounting Department Business Continuity Plan table-top testing exercises are executed and testing documentation is generated. 
  • Work with cross functional teams to identify actual events that would be good candidates for the annual InfoSec incident response test process. 
  • Work with cross functional teams and other SMEs to schedule and participate from start to end in client audits, and participate in audit findings remediation related to IT and information security findings.
  • Perform audits of each Support-level vendor to ensure compliance with the Company Vendor Management Program. 
  • Ensure all granted swipes into secure areas are reviewed and tickets reflect owner approval on a weekly basis. 
  • Participate in the weekly quarantine monitoring rotation to address emails quarantined by the organization’s email data leakage prevention (DLP) system. 
  • Partner with IT to ensure that reviews of firewalls are performed, documented in the ticket, and actively track any clean-up items to completion by the IT Department.
  • Understand and adhere to Company information, security and privacy responsibilities as detailed in the Information Resource Usage Policy, Employee Manual, and client-specific publications.



Skills/Experience/Education: 

  • Associate’s Degree in a field involving problem solving, logical reasoning or evaluation against objective or subjective criteria and/or four or more years of work experience in Computer Science/Information Technology, Quality Assurance, Compliance Management, or Accounting.
  • Previous experience demonstrating strong technical writing ability.
  • Basic awareness of information security frameworks such as ISO/IEC 27001, PCI DSS, NIST SP800-53, SOC 1, and SOC 2.
  • Familiar with regulatory requirements for security/privacy as defined in HIPAA/HITECH, GLBA, and CCPA.
  • Basic awareness of security architecture/engineering principles, the software development process and change management control concepts, familiarity with disaster recovery and business continuity control concepts.
  • Ability to work independently and as part of a team with minimal supervision.
  • Ability to communicate effectively and professionally.
  • Ability to manage multiple responsibilities at once and ability to switch back and forth between tasks based on their importance or urgency.
  • Interest in pursuing an information security certification such as CISSP, CISA, CISM, CRISC, CompTIA series of certifications is preferred but no certification is required.