
Sr. Security Compliance Analyst

Job Attributes

Job Id:

20411

Job Category:

Cyber Security & Information Assurance

Job Location:

Philadelphia, PA  19103

Security Clearance:

Not Defined

Business Unit:

Piper Companies

JOB DESCRIPTION

Basic Purpose/Function:

Under the direction of the Vice President, the Sr. Security Compliance Analyst will act as a key member of the Compliance, Assurance and Risk team. The Sr. Security Compliance Analyst’s primary responsibilities are leading the financial sector compliance activities (SOX, NYDFS, FFIEC, GLBA) and aligning Client’s policies and controls with industry standard best practices and frameworks (CSF, NIST, etc.). Additional duties include collaborating with Internal Audit to track assessments and findings. The Sr. Security Compliance Analyst may also participate in the implementation and/or execution of an information security risk management program as appropriate for Client’s business model and risk appetite.

Primary Duties and Responsibilities:

1. Directly accountable for coordinating and delivering on Clients’ financial sector compliance activities. Must be familiar with how to interpret controls and suggest compensating mitigation strategies where applicable. Expected to drive efficiency by aligning frameworks with industry standards and frameworks. Map regulatory requirements across functions to identify compliance, audit response and customer diligence efficiencies. Ensure inventories of controls and administrative protection requirements are up to date and correctly implemented.

2. Coordinate and conduct Clients’ SOC2 control activities.

3. Assist in the development and management of Clients’ security policies, standards, processes and procedures in coordination with key stakeholders. Mature and sustain a program to ensure that all governance artifacts are formally reviewed, approved & maintained, and outcomes are effective. Serve as lead on projects and initiatives to promote compliance with new or existing security policies. Coordinate issuance of information security awareness publications and courses to ensure the Client’s community is aware of the company’s information security policies. Work with other organizational leaders to ensure information security policies continually comply with appropriate laws, regulations and overall corporate policy.

4. Assist in the implementation and maintenance of a comprehensive security risk management program. Core duties are to execute and maintain a risk rating and prioritization plan to prioritize risk reduction and determine focused investments. Conduct risk registration including tracking mitigation, compensating controls and acceptance. Institute assurance process automation.

5. Assist the VP to grow and mature Client’s information compliance, assurance, Internal Audit response and risk management capabilities. Improve stakeholder confidence, maintain situational awareness, and ensure organizational alignment across the Information Security Architecture and Information Security Operations Teams. Monitor the effectiveness of the information security program, recommend improvements, create actionable metrics and provide regular reports on status and activities.

6. Assist in development and maintenance of Clients’ information security strategy and roadmap that continually matures the company’s security program in alignment with the threat environment and Clients’ overall business goals.

Knowledge:

· Expert knowledge of the information security standards and frameworks including NIST, CIS, CSF, and the Critical Security Controls.

· Working knowledge of multiple security disciplines, including some of the following: policy definitions, controls frameworks and enforcement; network/perimeter security; system hardening; security event monitoring; vulnerability assessment and remediation; patch management; anti-virus; intrusion detection and response; forensics; encryption technologies; secure coding; physical security; identity and access management; ITAM; authentication and authorization; content monitoring & filtering; vulnerability & patch management; intrusion detection; managed threat detection and response; data loss prevention.

· General understanding of other relevant technologies: Active Directory, Microsoft Windows 7/10, Server 2012/2016; RHEL 6/7; firewalls; load balancers, VDI, and related.

· Working knowledge of Auditing standards and related frameworks including ITAF, ISO, COBIT, COSO.

Skills & Abilities:

· Experience in a large financial services or insurance organization

· Ability to work independently with or without direction and/or supervision

· Ability to prioritize and multitask in a high pressure and results-oriented environment

· Ability to understand a range of IT disciplines, e.g. networking, operations, service desk, infrastructure/architecture, and application development.

· Expert written and verbal communication skills with a focus on translating complex security/IT terms into plain English. Focus on clarity and impact.

· Proven project management skills

Prior Work Experience

· 3 - 8 years of related work experience

Education and Credentials

· Bachelor’s Degree required.

· CRISC, CISA, PMI-RMP, CGEIT, CISSP, CIPP or similar preferred.
