In the role of the Security Compliance Analyst, you will work collaboratively with key stakeholders across the IT organization, including external auditors, IT process owners, IT management, and business stakeholders. You will develop an understanding of the IT organization’s processes, goals and strategies. You will establish and implement a process to compile and analyze data from various security tools, such as anti-virus, Active Directory, advanced endpoint threat detection, and patching systems, and develop meaningful and actionable IT compliance reporting. You will also demonstrate knowledge of information security standards and frameworks such as ISO 27001, NIST 800-171, NIST 800-53, other NIST publications and the Defense Federal Acquisition Regulation Supplement (e.g. DFARS clause 252.204-7012).
The client is a leading vertically-integrated global manufacturer of chemical products and a leading U.S. manufacturer of ammunition. The client is the world’s leading producer of chlor alkali products and vinyls, the number one supplier of epoxy materials, the number one global seller of membrane caustic soda and chlorinated organics and the number one North American seller of chlorine, bleach and hydrochloric acid. The client's principal manufacturing facilities produce and distribute sporting ammunition, law enforcement ammunition, reloading components, small caliber military ammunition and components, and industrial cartridges.
- Perform and manage IT risk assessments to support requirements of various security frameworks.
- Ensure IT security design, controls, processes, and procedures are aligned with Information Security standards, guidelines, and policies in order to maintain Systems Security Plans.
- Facilitate the overall planning, execution, and reporting of risk assessments and IT compliance audits to support ISO and NIST requirements and other IT Security Compliance related initiatives.
- Continuously evaluate the efficiency and effectiveness of ISO and NIST audit strategy / methodology and propose improvements to achieve audit efficiencies.
- Identify opportunities to improve existing processes and controls; recommend constructive corrective actions to address control deficiencies identified through compliance audits to strengthen IT security posture and improve IT processes.
- Actively manage agreed corrective actions by collaborating and communicating with IT action owners.
- Support development of System Security Plans, Cyber Improvement Plans, and Security Operating Policies and Procedures.
- Bachelor’s degree* in Computer Science, Cybersecurity, or related field required; Master's degree preferred.
- Minimum of 5 years of IT Security experience.
- Knowledge of information security concepts and technologies such as networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
- Direct experience with implementation and management of security frameworks such as ISO 27001, NIST 800-171, NIST 800-53, DFARS clause 252.204-7012.
- Certification such as Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), GIAC Information Security Professional (GISP) or other similar certification is preferred but not required.
- Experience performing full lifecycle NIST-specific security assessments.
- Excellent verbal and written communication skills with the ability to communicate confidentially with all levels of IT management.
- Excellent analytical, problem-solving, and decision-making skills to mitigate risks and resolve control deficiencies.
- Ability to manage multiple responsibilities and projects simultaneously with varying degrees of complexity and timelines.
- Demonstrate a genuine desire for continuous learning and process improvement.
- Have a team-player attitude with a willingness to work with other team members.
- Approximately 10% travel is required.
*Degree must be from a school that is accredited by an accrediting agency recognized by the Secretary of Education of the U.S. Department of Education or equivalent program from an international university.