Information Security Compliance Analyst in East Lansing, MI at Vaco

Date Posted: 10/1/2019

Job Snapshot

Job Description

Facilitating processes related to compliance, privacy, vendor security assurance, and information security programs:

  • Contribute and facilitate internal functions of information risk management, data protection compliance, IT audit, and information security assurance
  • Facilitate customer-initiated vendor security assessments/audits and document requests
  • Support internal processes of risk identification, evaluation, communication, and remediation
  • Assist with Service Organization Controls (SOC) audit process for the organization and its subsidiaries
  • Contribute to the company-wide security awareness program and compliance training
  • Assist with annual enterprise risk assessment and PCI-self assessment activities
  • Preserve the high standards of confidentiality, integrity, and availability

KNOWLEDGE/ SKILLS/ ABILITIES

  • Experience in the technology industry
  • Strong background in information security and risk program development
  • Strong knowledge of local/global legal and regulatory requirements/obligations and ability to identify emerging issues and themes
  • Strong interpersonal skills; ability to work with all levels of internal staff, customers, and prospective customers
  • Experience with large information security and risk projects, assessments, and audits
  • Excellent written and verbal communication skills; strong presentation skills
  • Technical proficiency in security hardware, services, and software
  • Ability to effectively represent the organization to a variety of internal and external constituencies
  • Possesses a strong sense of urgency and ownership over projects and deliverables
  • Working knowledge of federal and state data protection laws preferred, e.g., GLBA, HIPAA, PCI DSS, State Breach Notification Laws, FCRA, etc.
  • Working knowledge of business and risk assessment methodologies/mitigation strategies using industry standards, e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, CIS CSC 20, and BITS

QUALIFICATIONS

  • MUST HAVE:
    • Proven experience in information security programs in a software-related technology company
  • OVERALL EXPERIENCE:
    • At least 1-3 years of previous experience in Information Security, Risk Management, or IT Audit
    • 1-3 years of project management experience
  • EDUCATION:
    • Bachelor's degree in Information Security, Information Technology, Business, or related field required
  • CERTIFICATIONS:
    • Certified as a Sans GIAC, or CISA preferred