Information Security Analyst (240033)
Job Summary
Supports Consumer Cellular and Information Security Governance and Compliance programs to include:
Information Security, PCI and SOC controls, gap analysis, maintenance, remediation, security awareness and secure coding techniques using a compliance framework.
Participate in the coordination and execution of the planning and performance of regular control activities, while working directly with the technical and business stakeholders. Interface with internal and external compliance and audit personnel to identify appropriate risk factors, assess the adequacy of existing controls and drive remediation of control weaknesses to ensure compliance requirements are met and maintained.
Assist in the implementation and management of a continuous monitoring and compliance program to reduce audit fatigue and gain efficiency. Collect, review, and maintain artifacts required for compliance activities in a secure internal repository. Collaborate with internal stakeholders on a regular cadence to discuss, collect, and review this information.
Assist in the selection and implementation of a formal GRC tool to help the organization accurately identify and manage risk in various areas (such as IT, assessment gaps, third-party risk, etc.).
Responsibilities
- Support efforts to identify risk to the business, quantify/rank risk so the initial impact is visible, work with internal stakeholders to identify ways to remediate/mitigate risk, and manage residual risk to acceptable limits using internal process and documenting in the risk registry.
- Support the continuance of the company’s Information Security Compliance programs, including PCI and SOC, and other related compliance needs as identified.
- Support the annual PCI Audit as liaison. Validate internal resources, conduct internal artifact collection, support technical interviews, and ensure that other support activities for this required audit are conducted with the required level of attention to detail to ensure successful completion on time and under budget.
- Drive Compliance and Privacy Awareness and training efforts throughout the organization.
- Maintain and, where necessary, write Information Security, Compliance, and Privacy policies and standards.
- Support Information Security Program growth and management.
- Assist in third-party assessments with external business partners and across assigned services resulting in certifications and attestations on time, within budget, while meeting key requirements.
- Work with process owners to develop and implement controls which meet the control objectives.
- Work with control owners to ensure testability of existing controls and regularly validate that control activities are being performed according to schedule (continuous monitoring).
- Support remediation processes to address control issues identified, including tracking and managing remediation action plans in a centralized location.
- Proactively identify existing and emerging IT risks and report up to IT/IS Management.
- Monitor processes and system configurations to ensure compliance with internal policies and procedures (continuous monitoring).
- Assist in the performance and organization of a periodic user access review process.
- Support efforts of status and performance reporting related to information security, compliance risk and controls effectiveness.
- Assist in standardizing general controls, including those managed outside of IT.
- Participate in the planning for disaster recovery and business continuity management programs.
- Support development of KPIs and KRIs to manage team performance and key risks that can impact organizational compliance and regulatory requirements.
- Lead internal projects and provide guidance/training to less experienced staff.
Preferred Qualifications and Experience
- Bachelor’s degree in Computer Science, Management Information Systems or related technical field.
- Minimum of 3 years of experience in IT or IS Governance, Risk & Compliance.
- Hands-on experience with managing external compliance assessments such as SOC 1/2, ISO 27001, and PCI-DSS.
- Working knowledge of conducting Third Party Service Provider/Vendor risk assessments.
- Working knowledge and understanding of one or more compliance obligations such as SOC 1/2, ISO 27001, PCI-DSS, NIST 800-53.
- One of the following industry security certifications is required: CISA, CISM, CDPSE, CISSP, PCI-PCP, PCI-ISA, or PCI-QSA.
- Experience and knowledge with information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
- Technical proficiency with security-related systems and applications, especially Firewalls, IDS/IPS, Vulnerability Assessment tools, Endpoint solutions, Proxy servers, Security Incident and Event Management Systems, Data protection mechanisms (such as FIM and DLP).
- Proficiency in IT Systems and understanding of Networking and Computer Information Systems.
- Demonstrates accountability, leadership, and initiative in complex projects, team building, and other tasks as assigned.
Job Competencies
- Excellent written and oral communication skills; ability to communicate at all levels in the organization (with senior management, with technical and business-oriented project staff, with users and stakeholders).
- Ability to gain the confidence of the team as well as Executive-level stakeholders by communicating regularly, keeping commitments and delivering as promised.
- Ability to foster buy-in and cooperation through persuasion, influence, and persistence.
- Strong time and project management skills required.
- Ability to work effectively independently.
- Able to negotiate with peers and superiors to ensure the work gets done.
- Well-organized and capable of tracking, managing, and resolving issues on multiple projects simultaneously.
- Self-motivated, professional, flexible, comfortable with ambiguity in a diverse organizational environment.
- Continuous learner.
- Proficient skills and knowledge of servant leadership, facilitation, situational awareness, conflict resolution, continual improvement, empowerment, and increasing transparency.
Pre-employment background check and drug screen is required.
#tech2024
Primary Location: United States-Arizona-Scottsdale
Other Locations: United States-Arizona-Scottsdale
Job: Information Technology
Schedule: Full-time
Travel: No
Job Posting: Mar 29, 2024
Unposting Date: Apr 4, 2024