Senior Compliance Analyst

Senior Compliance Analyst - Job Description

Work Experience: 5-8 years

Minimum qualifications

MBA – IT or Information Security / MCA

Certifications:

CISA / CISM / CISSP (any one of these certifications)

ISO 27001 Lead Implementer/Auditor

Description

  • Develop and manage enterprise-wide Information & Cyber Security policies, standards, and guidelines in accordance with global regulatory requirements, Client regulatory requirements, and industry-leading practices

  • Develop Privacy program, Business Continuity Management System, and Information Security Management System.

  • Single point of contact for Customer Interaction and governance

  • Develop and manage the Business Security Compliance program and Internal Security Audit calendar.

  • Drive Governance connects with Business, Customer and Senior Management

  • End-User Communication & Security Awareness of Employees and Partners

  • Create Management Dashboards and Technology Security metrics for Senior Management and Business

  • Drive and conduct certifications like ISO 27001, SOC2, PCI DSS, etc.

  • Deploy Governance Calendar and facilitate continual improvements in Security controls

Knowledge of:

  • Various Cyber Security, Business continuity, and Privacy frameworks like NIST, HIPAA, GDPR, ISO 27001, and PCI DSS

  • Applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations

  • Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols

  • Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration

  • Information systems auditing, monitoring, controlling, and assessment process

  • Incident response management.

  • Risk assessment and management methodology.

Skills in:

  • Overall, 5-8 years working in the Cyber Security services/consulting industry with the rollout of IS Policy, Risk Management, Security Frameworks, ITIL/ITSM processes at the Enterprise level

  • Team Management – 2-5 members

  • Hands-on work experience in rolling out ISO 27001, IS Policies, Risk Management & Compliance Security Frameworks, Business Security, NIST, and other Cyber Security frameworks.

  • Technology Risk Management, Security Governance Program, Compliance audits, Manage External certification audits, Manage Client Security Audits

Ability to:

  • Demonstrate excellent written and verbal communication

  • Effectively communicate technical issues to diverse audiences

  • Apply a risk-based approach to planning, executing, and reporting on audit engagements and the auditing process

  • Evaluate, update, and/or revise program materials

  • Learn quickly and apply knowledge to new situations

  • Handle sensitive and confidential matters, situations, and data

  • Single point of contact for Customer Interaction and MSA governance

  • Drive ISO 27001, SOC2, ISO 27701, ISO 22301 certifications

  • Manage Security Budgeting, Licensing, and Tracking

  • Support Business Projects in ensuring policies are incorporated correctly