Security Analyst

01 Dec 2024
Torrance, California, USA

Vacancy expired!

Currently, we are looking for talented resources for one of our listed clients. If interested, please reply to me with your updated resume or feel free to reach out to me for more details at 949-407-6740.

Title: Security Analyst
Location: Torrance, CA (Seeking local candidates)
Duration: 12 Months
Work Hours: 8am to 5pm

Job Description:
  • Establish, Maintain and Enforce Customer-specific Information Security (Cybersecurity), Data Privacy, and GRC Controls, Policies, Procedures and Standards.
  • Continuously monitor the status and effectiveness of all Information Security (Cybersecurity), Data Privacy, and GRC Controls
  • Develop Information Security (Cybersecurity) and Data Privacy processes and procedures and support service-level agreements (SLAs) to ensure that effective controls and countermeasures are managed and maintained.
  • Ensure key risk indicators are documented and effectively monitored to prevent a negative impact on business objectives and brand reputation.
  • Ensure Remediation Plans and/or Compensating Controls are established to address risks or gaps identified by AHM IT GRC Staff or reported by internal and external auditors.
  • Establish continuous monitoring of all risks and gaps until they have been resolved. Compensating Controls must be re-evaluated at least annually to ensure they are still effective at addressing a risk or gap.
  • Maintain the Information Security & Risk Division's Information Security (Cybersecurity), Data Privacy and GRC Policies, Procedures and Standards Documentation, including the associated repositories and portals.

The Analyst will assist with the following key tasks:
  • Support Third-Party vendor risk assessment processes, utilizing strategic partnerships with multiple internal stakeholder groups (procurement, legal, and business side operations).
  • Ensure Customer is following all required Global & Regional policies/standards via assessments and audits of existing processes.
  • Partner with other internal non-IT, and external groups to stay aware of the changing landscape e.g., new legislation and changes to existing legislation.
  • Partner with all Customers to provide support and provide guidance on remediation/countermeasure plans regarding areas requiring strengthening in security & privacy.
  • Monitor and report on remediation/countermeasure status monthly, working with the remediation owners.
  • Support GRC project activities as required to achieve unit level objectives; these may include but are not limited to: monitoring project progress, tracking non-compliant activities, resolving problems, publishing progress reports, remediation consultation, and driving remediation activities to completion.
  • Improve technical and business processes by studying current practices, identifying problems and recommending solutions.
  • Support project managers as requested in performing daily, weekly, monthly, reviews and project updates.
  • Maintain and expand current documentation for policy & privacy compliance program activities as required in support of the daily operations.
  • Perform other assigned tasks as needed for the GRC Unit as requested by leaders.

Required Skills - MUSTS:
  • Bachelor's degree in information systems or equivalent work experience.
  • Industry-accepted Certification for Information Security or Data Privacy
  • Experience with common information security management frameworks, such as [International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST)] frameworks.
  • Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation.
  • Audit, compliance or governance experience is required
  • Experience implementing Generally Accepted Privacy Principles (GAPP) or COBIT
  • Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
  • Experience developing and/or implementing a governance model for privacy and confidentiality.
  • Experience with consumer credit, consumer and/or retail services marketing, and supplier management is beneficial.
  • Experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  • Experience overseeing information security and/or data privacy projects from concept through implementation.
  • Strong understanding of business applications, including ERP and financial systems.
  • Excellent technical knowledge of mainstream operating systems [for example, Microsoft Windows and UNIX] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
  • Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
  • Must be self-motivated with strong analytical, organizational, planning and problem solving skills.
  • Strong technical and business writing skills, as well as strong communication skills.
  • Ability to communicate well with technical teams, executives, auditors and business owners and other stakeholders as required

Business Experience:
  • 10+ yrs. experience with information security, privacy, or a related field, preferably in the captive finance or banking industries
  • Strong proficiency in performing enterprise risk, business impact, control, vulnerability, and privacy impact assessments.
  • In-depth knowledge of risk assessment methods and technologies.
  • In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.

WANTS:
  • Previous working experience with GRC and in Information Technology with defining, analyzing, and documenting processes and procedures related to disciplines within IT
  • Understanding of regulated environment or related IT audit background and Information security related projects.

Demonstrate extensive knowledge of Third-Party Vendor Risk Management:
  • SOC2 Type 2 report analysis
  • Data Security Safeguard Agreements (DSSA)
  • Contractual review processes
  • Penetration test results analysis
  • HITRUST and ISO Certification analysis

Demonstrate knowledge of Risk Management Processes:
  • Risk triage process
  • Risk exception process

Job Details

  • ID
    JC6257862
  • Job type
    Permanent
  • Salary
    N/A
  • Hiring Company
    Denken Solutions
  • Date
    2020-12-01
  • Deadline
    2021-01-30