The Senior Information Security Governance & Compliance (G&C) Analyst at JM Family Enterprises plays a key role in supporting and maturing the organization's information security governance and compliance program. This position is responsible for supporting compliance initiatives, executing and coordinating audits, performing security control assessments and partnering with business and technology stakeholders to ensure adherence to regulatory, contractual and internal security requirements.
The Senior Information Security G&C Analyst serves as a trusted advisor to control owners, helps operationalize security controls across the enterprise and provides stellar customer service to stakeholders. This role will report to the Governance, Risk and Compliance and Offensive Security Manager and support the Information Security department to provide the highest quality assurance program to our customers.
This is an onsite/hybrid role (3 days/week) from our Deerfield Beach office in South Florida.
Responsibilities:
Governance & Compliance
Lead and coordinate internal and external audits, including SOC examinations and regulatory assessments
Manage compliance with applicable regulations and frameworks (e.g. SOC 1/2, HIPAA, CCPA, NYDFS 500, GLBA)
Develop, maintain and enhance information security policies, standards and procedures
Ensure compliance artifacts and documentation are accurate, current and audit-ready
Report status updates completely, accurately and in a timely manner
Maintain subject matter expertise and demonstrate superb critical thinking skills to ensure audit assessments and questionnaires are effective and efficient
Advocate and champion information security practices
Execute security control maturity assessments using interviews, documentation reviews and evidence analysis
Support implementation and continuous improvement of control frameworks such as NIST, ISO 27001, CIS or COBIT
Conduct periodic internal assessments for security risk and compliance
Perform other essential duties as assigned
Stakeholder Engagement
Collaborate with IT, security, legal, privacy, procurement and business teams across the enterprise
Communicate security and compliance requirements to stakeholders with varying levels of technical expertise
Provide clear, concise status reporting to management
Foster strong working relationships and serve as a subject-matter resource for G&C-related inquiries
Skills:
Experience working with auditors
Project management skills for managing multiple complex activities
Strong organizational skills with the ability to thrive in a sense-of-urgency environment, leveraging best practices and approaching any problem as a team player with a can-do attitude
Knowledge of controls frameworks and applicable regulatory compliance mandates (e.g. NIST, CIS CSC, COBIT, CCPA, HIPAA, GLBA, SOC 1 Type 2, MAR)
Conduct research in keeping abreast of regulations and the latest security issues
Knowledge to evaluate, build and optimize security program elements as assigned (e.g. logical access control, application security, vendor risk management, network security, privacy)
Strong written and verbal communication skills and ability to interface with all levels of business and executive leadership
Excellent analytical, problem-solving and decision-making skills applied with a solution-focused attitude
Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
Qualifications:
Bachelor's degree in Information Security, Information Technology, Risk Management or a related field (or equivalent experience)
5 years of experience in information security governance, risk management, audit or compliance
Certifications such as CISA, CISM, CISSP, CRISC, CIPP or GIAC, or equivalent professional certifications
Strong working knowledge of security and privacy frameworks and regulatory requirements
Experience supporting or leading internal and external audits
Excellent analytical, written and verbal communication skills
Experience with GRC platforms (e.g. Archer, ServiceNow GRC or similar tools)
This job description may not be inclusive of all assigned duties, responsibilities or aspects of the job described and may be amended at any time at the sole discretion of JM Family. All work arrangements are subject to associate performance, business need and manager discretion and may be revised as necessary.
JM FAMILY IS PROUD TO BE AN EQUAL OPPORTUNITY EMPLOYER
JM Family Enterprises Inc. is an Equal Employment Opportunity employer. We are committed to recruiting, hiring, retaining and promoting qualified associates without regard to age, race, religion, color, gender, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, gender expression, mental or physical disability, national origin, marital status, citizenship, military status, genetic information, veteran status or any other characteristic protected by federal, state, provincial or local law.
DISABILITY ACCOMMODATIONS
If you have a disability and require a reasonable accommodation to complete the job application process, please contact JM Family's Talent Acquisition department at for assistance. If you have an accommodation request for one of our recruiting events, please notify us at least 72 hours prior so that we may provide assistance.
Required Experience:
Senior IC
Jim Moran's passion for selling cars continues with JM Family. We build strong relationships with customers, partners and communities.