Information Technology Security and Compliance Senior Analyst

Published February 12th, 2024

Functions:

  • Work independently to manage the company’s information security program and ensure the development of best practice policies, procedures, and standards based on various governance frameworks.
  • Lead the IT SOX effort over the effectiveness of internal controls, including documentation of IT General Controls (ITGCs), IT application controls (ITACs), key interfaces, key reports/spreadsheets, and SOC 1 reports. Participate in and document key IT walkthroughs in conjunction with our internal/external auditors. Remediate control deficiencies, recommend improvements, and provide guidance to key members of Management.
  • Lead reviews following System Development Life Cycle (SDLC) controls for new software implementations. Partner with cross-functional teams to help lead successful implementations or key system changes.
  • Manage IT testing schedule and consult with IT team members, Internal Audit, and external auditors. Assist in completing the IT annual scoping activities in a timely and thorough manner. Assist in identifying and analyzing all relevant matters that could impact IT SOX scope and propose related approaches (during annual scoping and ongoing).
  • Provide security awareness, education, and training based on industry best practices and internal policies.
  • Maintain awareness of trends in the latest cloud technologies, security regulations, and operational requirements, and advise across the business.
  • Review and understand compliance regulations such as SOX, SEC Disclosure on Cybersecurity, GDPR, FERC/NERC, NIST, CMMC, and any other applicable standards.
  • Perform Gap Analyses to assess current state against Compliance requirements. Recommend and manage tools to aid in all compliance requirements and objectives.
  • Coordinate internal, external, and regulatory information security audits to help represent the company from an information security and technology risk perspective.
  • Perform technical incident responses and security assessment activities. Evaluate impact on IT systems, recommend and implement remediation plans.
  • Participate in the prospect security-related review process, including completing information security questionnaires for sales RFPs and participating in sales calls for security due diligence.
  • CMMC certification preparation for all the sites/applications in scope.
  • Function as a liaison between AMSC, customers, auditors, and external agencies.

Education – Experience:

  • Bachelor’s degree in Computer Science, Information Technology, or related field, or equivalent experience.
  • At least five years of experience in IT Security or IT Compliance within IT/OT Infrastructure.
  • Three plus years of information technology and audit experience (general information technology, application, and infrastructure controls) within a “Big 4” or large regional public accounting firm.

Required Skills, Competencies, Authorities and Training Needs:

  • Excellent analytical, critical thinking, collaboration, and communication skills, with the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Proficiency in MS Office software, specifically Excel, Word, and PowerPoint.
  • Solid knowledge/experience in Information Technology, networks, databases, operating systems, application controls and IT operations.
  • Prior experience with implementing or using GRC tools.
  • IT Security Best Practices, Governance and Audit Procedures
  • Knowledge of common information security frameworks and IT controls frameworks, such as ISO/IEC 27001, ITIL, COBIT/COSO, NIST/DFAR/CFR/CMMC, NERC/FERC.
  • CISSP, CISA certification(s) a plus
  • Business continuity and DR planning experience a plus.
  • Supply chain security risk and commercial operations security incident management experience is a plus.

 
