GENERAL SUMMARY: The Cyber Security Analyst is part of the Information Security Department and works within the Risk and Compliance towers of GRC to implement and track compliance and risk activities with upward reporting. Areas of focus will include risk management policy and program adherence and continuous maturity development, and conducting security assessments, audits, and compliance validations for internal controls such as User Access Reviews and for regulations such as PCI DSS and the HIPAA Security Rule. Areas of support will include Information Security training and awareness, such as the training platform for annual education requirements and means of distribution such as internal communication platforms and presentations. In addition, a successful candidate will be able to identify where IT and IT security policies and procedures are in place to maintain controls and where there are gaps that require ownership and placement; this may include following up and tracking through the policy publication process.
- Implement and maintain functions within the IT Risk Register system to provide dynamic reporting on metrics that demonstrate the posture and overall effectiveness of the security, risk management and compliance program.
- Maintain IT risk identification, mitigation, and acceptance processes in coordination with security and IT operations. Work with business and functional areas to perform risk assessments and make appropriate risk treatment decisions.
- Maintenance and reporting of key information security metrics and reports for both operational management and corporate executives.
- Deliver support to IT teams on remediation actions and development of remediation plans.
- Support ongoing awareness of the program through training, info-sessions, and interactions to educate stakeholders on best practices and the program's value to the organization.
- Responsible for representing GRC at weekly Change Advisory Board (CAB) reviews/approvals of normal and emergency change requests.
- Develop and coordinate training on process and controls standards to business units that are accountable and responsible for PCI processes and other IT controls, specifically to PCI DSS.
- Collect and manage evidence in support of internal audits and third-party compliance assessments and certification reviews.
- Participate in due-diligence activities related to mergers and acquisitions, providing communication and recommendations to senior management.
- Maintain strong and meaningful relationships across all levels of the Enterprise Risk Management, Internal Audit, and Technology organization.
- Perform duties as requested by Management, in addition to the essential job functions described above.
- Bachelor's degree or equivalent experience required; major in Business, Computer Science, Information Systems, or related field
- 3+ years of relevant experience in the Information Security field with experience in the GRC area
- Certifications preferred: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Systems Security Professional (CISSP)
- Knowledge of NIST 800-53, ISO 27001/02, PCI DSS, CMS, and other information security and privacy regulations.
- Strong attention to detail, including making and keeping commitments and meeting deadlines.
- General overall knowledge of information technology operations.
- Excellent people and proactive communications skills.
- Strong analytical and problem-solving skills.
- Ability to proactively identify opportunities for continuous improvement.
- Excellent PC skills and demonstrated proficiency with MS Office Suite.
- Ability to handle multiple tasks and prioritize effectively.
- Willing to work in a strong team environment, constantly learning and teaching team members.
- Ability to plan and organize, results orientation, technical/professional knowledge.
- Self-driven to research, learn and implement new security standards.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Strong ability to assess the big picture, connect the dots, and apply that understanding to tasking.
- Coachable and willing to put in the effort to complete team objectives and goals.