Job DescriptionThe Security Compliance Analyst assesses, communicates, and reduces risk to the organization focusing on identifying risk based on team input, proactive compliance activities, and vendor risk management. The Security Compliance Analyst works in support of IT Security compliance requirements and company risk tolerance.Responsibilities
- The Security Compliance Analyst supports the security compliance program, tracking completion and remediation of compliance activities, and documenting compliance program evidence.
- Investigates and determines where threats exist based on input from the Security Operations Center (SOC) team, current policy requirements, and threat hunt information.
- Responsible for company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices.
- Assists with vulnerability management reporting including patch management tracking and software code analysis reports.
- Collaborates with team to develop compliance program strategy.
- Evaluates the security of vendors and hosted solutions based on approved Information Security standards.
- Determines risk and potential impact based on emerging security threats.
- Supports the security compliance program, ensuring the identification, tracking, prioritization, and remediation of all internal and external compliance requirements; also supports Internal Audit activities and remediation requirements.
- Ensures adequate and effective IT controls exist to meet applicable current and future security compliance requirements found in laws, regulations, frameworks such as requirements to comply with SOX (Sarbanes-Oxley), SOC II, and state / federal privacy law.
- Supports and updates a centralized repository of security controls aligned with corporate, regulatory, security framework requirements.
- Coordinates the information security compliance efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide information security compliance efforts are consistent.
- Collaborates with share service areas (internal controls, risk management, legal and HR) on the maturation of policies/procedures related to compliance activities.
- Assists with identity management reviews from automated and manual systems.
- Part of rotational on-call support for Tier 2
- Perform other duties as required and/or assigned.
Qualifications
- 5 to 7 Years of experience in Information Security
- Bachelor's degree in computer science or related field.
- Experience with laws, regulations, frameworks such as requirements to comply with SOX (Sarbanes-Oxley), SOC II, and state / federal privacy law.
- Proven information security audit experience
- Experience with vulnerability management
- Experience with third-party risk management and enterprise risk assessments
- Experience with security awareness and training functions and tools
- Proven analytical, strategic vision drawing on strong problem-solving abilities.
- Able to prioritize and execute tasks in a high-pressure environment.
- Strong written, oral, and interpersonal communication skills.
- Ability to present ideas in business-friendly and user-friendly language appropriate to both executive and managerial audiences.
- Highly self-motivated and directed.
- Keen attention to detail.
- Skilled in working within a team-oriented, collaborative environment.
About UsAcosta and Mosaic are the sales and marketing powerhouses behind the most recognized and proven brands with top retailers in the United States and Canada. We offer flexible services that maximize efficiency. Acosta has the talent and technology to build data-, reach- and relationship-driven strategies to execute those strategies, and the tools to monitor, track and optimize metrics-based results for customers and retailers.The Acosta Group, in good faith, believes that this posted range of compensation is the accurate range for this role at the time of this posting. The Acosta Group may ultimately pay more or less than the posted range depending on candidate qualifications and locations. This range may be modified in the future.The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. The Acosta Group reserves the right to modify all or part of any job descriptions at its discretion in order to meet and or exceed the needs of the business.The Acosta Group, in good faith, believes that this posted range of compensation is the accurate range for this role at the time of this posting. The Acosta Group may ultimately pay more or less than the posted range depending on candidate qualifications and locations. This range may be modified in the future.The Acosta Group utilizes E-Verify for validating the ability to work in the United States for all job candidates. If you want more information on what this entails and your rights as a job applicant, please use the link provided to access information on our use of E-Verify and your right to work. Employer Resources (e-verify.gov) The Acosta Group is an Equal Opportunity Employer.We are committed to providing accommodations for persons with disabilities. If you require accommodation, please contact ...@acosta.com, we will work with you to meet your needs, to the extent required by law.By submitting your application, you agree with and accept the Acosta Privacy Statement and Terms of Conditions.