They need candidates with a combination of corporate compliance and software development compliance experience. Candidates should have the following 3 aspects in their profile:
1) Strong knowledge of the software development lifecycle (SDLC) and of SaaS in a cloud environment. Should have developed compliance for custom applications in a cloud environment.
2) Knowledge of Linux and the ability to distinguish between Linux, Unix and other operating systems like Microsoft.
3) Networking: Candidate should be able to read network diagrams and determine from the software architecture network diagrams where a server sends data, how the load balancer handles the data, etc. Should understand how controls are incorporated around firewalls, and the policies and procedures around firewall implementation in a networking environment. Should have basic knowledge of common protocols like TLS, HTTP, HTTPS, secure FTP/FTS.
What you'll do:
Client is looking for an Information Security Compliance Analyst to help develop and manage the security compliance program. The Compliance Analyst will join the Security Team, which is responsible for delivering both internal and external audits against industry-standard compliance frameworks like ISO 27001 and PCI-DSS as well as the Shell Control Framework. The candidate will work cross-functionally across the organization to gather, assess, recommend, and implement technical and organizational controls.
Roles and Responsibilities:
Develop and maintain enterprise security policies and procedures
Work with information security management to develop strategies and plans to enforce security requirements and address identified risks
Ensure compliance by regularly conducting internal audits to track adherence and perform gap assessments to track compliance readiness.
Report to management concerning residual risk, vulnerabilities, and other security exposures including misuse of assets and noncompliance
Work with the information security team and application developers to identify, select and implement technical controls
Maintain an awareness of security and control issues in emerging technologies
What We're Looking For:
Basic Qualifications
3-4 years' professional experience in Security Compliance (IT Audit, Risk, Compliance, IT Operations)
1-2 years leading or participating in ISO 27001, SOC 2, or PCI-DSS audits, certification and accreditation activities
Preferred Qualifications
Industry certifications like CISA, ISSA, CISSP, Security+, PCIP, PCI-ISA
Familiarity with AWS cloud infrastructure and components
Exposure to Linux/Unix OS
Ability to work independently without supervision and collaboratively with other teams
A self-motivated individual who proactively seeks out work to be done and follows through
Bachelor's degree in a relevant technical field is preferred
Full Time