Compliance Specialist

They need candidates with a combination of corporate compliance and software development compliance as well. Candidate should have the following 3 aspects in their profile:

1) Strong knowledge of software development lifecycle. SDLC, knowledge of SAAS on cloud environment. Should have developed compliance of custom applications on cloud environment.

2) Knowledge of Linux and ability to distinguish between Linux, Unix and other operating systems like Microsoft

3) Networking: Candidate should be able to read network diagrams. Should be able to decipher from the s/w architecture network diagrams where server sends the data and how the load balancer handles the data etc. How controls are incorporated around firewalls, policies and procedures around firewall implementation in a networking environment. Should know basic knowledge on common protocols like TLS, http, https, secure FTP/FTS.

What you'll do:

Client is looking for an Information Security Compliance Analyst to help develop and manage the security compliance program. The Compliance Analyst will join the Security Team that is responsible for delivering both internal and external audit with industry standard compliance frameworks like ISO 27001 and PCI-DSS as well as the Shell Control Framework. The candidate will work cross functionally across the organization to gather, assess, recommend, and implement technical and organizational controls.

Roles and Responsibilities:

Develop and maintain enterprise security policies and procedures

Work with information security management to develop strategies and plans to enforce security requirements and address identified risks

Ensure compliance by regularly conducting internal audits to track adherence and perform gap assessments to track compliance readiness.

Report to management concerning residual risk, vulnerabilities, and other security exposures including misuse of assets and noncompliance

Work with the information security team and application developers to identify, select and implement technical controls

Maintain an awareness of security and control issues in emerging technologies

What We're Looking For:

Basic Qualifications

3 - 4 years' professional experience in Security Compliance (IT Audit, Risk, Compliance, IT Operations

1-2 years leading or participating in ISO 27001, SOC 2, or PCI-DSS audits, certification and accreditation activities

Preferred Qualifications

Industry certifications like CISA, ISSA, CISSP, Security+, PCIP, PCI-ISA

Familiarity with AWS cloud infrastructure and components

Exposure to Linux/UnixOS

Ability to work independently without supervision and collaboratively with other teams

A self-motivated individual who pro-actively seeks out work to be done and follows through

Bachelor's degree in a relevant technical field is preferred