Compliance Analyst #102171
A Compliance Analyst is currently needed for a direct-hire position in Fort Washington, PA. As the Compliance Analyst, you will be responsible for developing, implementing and administering plans, policies, techniques, and services ensuring ongoing compliance and security of company information resources, among other duties.
Responsibilities of the Compliance Analyst include:
- Achieve compliance for PCI and SOX by coordinating and managing the actions of teams across the organization and serving as the primary liaison between internal/external auditors and all business stakeholders.
- Identify and document security vulnerabilities and weaknesses in the environment such as unauthorized access potential, non-compliance with defined standards, etc.
- Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization.
- Develop and/or maintain expertise in identifying security risks in the hardware, software, and systems used by the organization.
- Develop risk/vulnerability assessment programs and questionnaires to identify and/or address identified security risks.
- Perform and/or respond to information technology assessments, penetration tests, and/or audits of organizational automated systems and processes, interpret results, and develop and communicate recommendations for improvement to management.
- Provide security awareness training to organization employees. Administer and manage the Security Awareness Training Program (research and update content, rollout, employee training participation verification, reporting on the hosted LMS).
- Perform and manage an internal Continuous Compliance Monitoring Program.
- Lead coordination of any IT security related incidents and be the point of escalation for enterprise security incidents.
- Assist with incident response through the full life cycle, including follow-up with lessons learned and remediation measures to prevent similar incidents in the future.
- Develop, maintain, and report on security program metrics to measure program effectiveness.
- Perform and manage Supplier Risk Assessments.
- Review and verify security patch processes to ensure critical patches are applied to systems properly and work with system owners to remediate.
- Perform product evaluations; recommend and implement enterprise security products/services. Validate and test security architecture and design solutions against recommended vendor technologies.
- Provide reporting metrics/create and maintain dashboards for department functions.
- Proficient in the use of Word, Excel, Project, and Visio.
- Assist manager/director in planning, time budgeting and scheduling work for completion.
- Participate in opportunities that enhance personal and professional growth and the accomplishment of career objectives through continuing education, seminars, and participation in field-related professional organizations.
- Accountable for execution of assigned tasks from start to finish, while fully leveraging the disciplines expected of a compliance and security analyst role according to department standards, procedures and processes.
- Stay current with emerging issues affecting the Cybersecurity profession.
- Provide threat management oversight for firewalls, intrusion detection systems, enterprise anti-virus, and log monitoring tools. Responsible for reviewing and approving corporate and PCI in-scope firewall requests and WAF changes; perform WAF tuning as necessary.
- Monitor, report on, and aid in the resolution of all security-related problems and discrepancies by monitoring assigned systems, maintaining documentation, and providing management and any other appropriate areas with reporting as requested.
- Manage the SIEM and, in coordination with the vendor SOC, ensure sufficient coverage to monitor PCI, PII, and all other assets storing, processing, or transmitting company confidential/sensitive data. Ensure alerts from current and future systems are properly designed and monitored.
- Manage the internal/external vulnerability management program and, as appropriate, expand the scope of vulnerability scans and application/network penetration tests to cover the enterprise and all systems/environments storing, processing, or transmitting company confidential/sensitive data.
- Monitor appropriate sources for newly identified vulnerabilities, evaluate the risk such vulnerabilities pose to the organization's information and systems, and advise management of appropriate measures to eliminate or reduce the organization's risk or exposure to such vulnerabilities.
- Provide technical support/oversight for application code reviews as part of the Application Security management program.
Requirements of the Compliance Analyst include:
- A Bachelor's degree in Computer Science, Information Security Management, Engineering, or equivalent is required.
- 2-5 years' experience in Information Security is desired, preferably in Ecommerce/Retail environments.
- Knowledge of hardening concepts and auditing for Unix, Linux, and Windows servers and desktop systems.
- Knowledge of common application vulnerabilities, current threat vectors and mitigations.
- Knowledge of IP protocols, networks, security architectures, and security threats.
- Knowledge of internet and web application security techniques (e.g., SANS, OWASP).
- Strong experience with IT security standards and best-practice frameworks (e.g., ISO 27001/27002, NIST, ITIL, PCI, SOX, HIPAA, FISMA).
- Ability to work with subject matter experts, vendors, and 3rd party MSSP to coordinate activities to complete compliance/security related projects or tasks in a timely manner.
- Experience with network and application vulnerability scanners (e.g., Qualys, Nessus, Nmap, AppScan, Burp, OWASP ZAP).
- Experience with GRC tools.
- Experience with IP networking and network routing protocols, and an understanding of security-related technologies including encryption, IPsec, PKI, VPNs, firewalls, WAF devices, proxy services, DNS, email, Active Directory, LDAP, and access lists.
- Security certifications such as CISA and CISSP are highly desirable.
CSS Tec is a business unit of Contemporary Staffing Solutions and a company that exudes unwavering results with urgency, honesty, and integrity. CSS Tec has been a leading provider of contract, contract-hire, and direct-hire solutions while also offering Project Management and implementations of Salesforce solutions. CSS Tec prides itself on internal retention, with the average recruiter's tenure exceeding 5 years and some recruiters exceeding 15. CSS Tec is established in the Philadelphia Metro area and has a strong brand, incredible reach, and access to both active and passive candidates through well-established networks in the Greater Philadelphia area and nationally. Originally a staffing agency, we have evolved into a national provider of workforce management solutions with a niche recruitment focus in Information Technology and Salesforce. We respect our clients and candidates equally while keeping the client's best interest in mind. We operate with pro-active pipelines, with the highest business ethics, a winning spirit in our approach, a team-oriented workflow, and with real cross training. The CSS Tec team coaches you with current business intelligence so that we can manage your expectations. It's what makes CSS great and, most importantly, FUN to work with!
CSS works with our clients and candidates to communicate the opportunity being extended along with the experience required and approved by the client. In turn, compensation is based on experience, and the decision to extend an offer at a specific amount is determined by the hiring company, not CSS. We value the opportunity to represent you and, as we are legally obligated, do not and shall not discriminate on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status, in any of our activities or operations.