Our Client is looking for an IT Security and Compliance Analyst to provide operational support in the performance of tasks required to support technology and processes in the Information Security department.  The primary objective of this role will be to perform the work necessary to maintain operational excellence and compliance for systems and software.  The secondary function will be to perform the tactical work necessary for the planning and control of IT Security systems and software.  In addition, the Analyst will monitor and assist in compliance efforts for various regulations and any associated audits.

Duties

Build and maintain strong relationships within a highly matrixed organization in order to identify issues and drive Information Security compliance.
Develop a thorough understanding of business, systems and processes in order to provide tailored Information Security solutions and services  minimizing disruption while maximizing impact.
Identify current risk / security posture , identifying potential exposures.
Monitor and document exceptions to policy presented for approval to confirm risk statement and assess action plan to mitigate risk.
Perform vulnerability scans and oversee patch management processes.
Perform security related reporting functions, e.g. Monitor and maintain security metrics.
Participate in technology projects to identify Information Security weaknesses in proposed systems / applications and assist in development of appropriate solutions based on risk assessment.

Requirements:
 
Work within Information Security or IT related teams with a focus on a risk-based approach.
Specialist knowledge in Information Security risk assessment and controls management or penetration testing.
In-depth IT and Information Security knowledge and experience with either PCI, HIPAA or GLB.
Knowledge of the legal and regulatory environment within which Financial Organizations operate.
Experience in Security and Risk function or audit preparation/response.
Relevant Information Security or technical qualifications (e.g. SSCP, GIAC, CEH etc.) or wiliness to work towards one.
Bachelor’s Degree in Computer Science, Information Systems, or other related field or equivalent in information security related technical training and experience.

Job keywords/tags:  security , risk , PCI , HIPAA , GLB , compliance