IT Risk and Compliance Analyst
Washington, Illinois, United States of America
Full Time
3 hours ago
$90,000 - $115,000 USD
No Visa Sponsorship
Key skills
Risk ManagementCommunicationTime ManagementNetwork Security
About this role
Role Overview
- Provide IT security, risk, and compliance advice to business units on an ongoing basis.
- Analyze and address gaps in operations to ensure integrity of processes, controls, and policies.
- Assist in maintaining and updating Information Security Program policies and procedures as needed, also completing a yearly review to ensure all documentation is properly updated.
- Provide governance for participation in the information security incident response process by ensuring that the process is being followed and documented.
- Respond to escalated security events and drive the security incident response process.
- Participate in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments.
- Works with internal and external auditors to demonstrate and provide evidence for controls that are in place.
- May conduct additional testing to validate that items found during testing have been remediated.
- Responsible for completion of client security questionnaires and working with the business units to assist with RFI responses related to IT security.
- Assists in vendor vetting to ensure our vendors, business partners, or suppliers are using the same or higher security practices.
- Assists in conducting Risk Assessments and annual reviews for any new or current vendors, business partners, or suppliers.
- Assists with complex security assessments that require both analytical and technical skills across a broad range of Information Technology topics (e.g., Identity and Access Management, Security Architecture, Physical and Environmental, etc.).
- Assists with evaluating, testing, documenting, and maintaining the firmwide DR and BCP policies, processes, and standards.
- Assists with the Security Awareness Training program initiatives related to phishing campaigns and coordinate with HR to deliver ongoing employee training.
Requirements
- Associate Degree or equivalent work experience
- 3 years of experience in two or more major information technology functions (infrastructure, operations, datacenter, application support, etc.)
- 3 years IT security, IT compliance, or IT risk management experience desired.
- 3 years of experience involving ISO27001 annual surveillance audits and full recertification audits.
- Familiarity with industry frameworks and standards such as SOC2, HIPAA, HITRUST is a plus.
- Familiarity with GDPR and CCPA.
- Familiarity using GRC tools.
- Knowledge of application and network security, information security risk and industry best practice (how to best manage risk).
- Experience with building, executing, and maintaining DR and BCP program.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Excellent written/verbal communication skills and time management skills.
- Strong troubleshooting, problem-solving and analytical skills.
- Position may require traveling for short periods.
Benefits
- Health insurance
- 401(k) matching
- Paid time off
- Professional development opportunities
- Flexible work arrangements