__________________________________________________________________________________________________
Job Position: Security & Compliance Analyst
Reports to: Information Security & Compliance Officer
Department: Technology
Classification: Exempt (Not Overtime Eligible)
__________________________________________________________________________________________________
Employment Standards
Job Summary:
PCI Group is the leading provider of mission critical communications for businesses where security of customer-centric data is paramount, precision and accuracy are crucial, and compliance is a must.
The Security & Compliance Analyst will participate in customer and third-party Information Security and Compliance audits. The Security & Compliance Analyst gathers related information, evaluates it and proposes information and security policy, procedures to support the requirements of customer and third-party information security and compliance audits. The position supports, monitors, maintains and implements an effective compliance program to prevent illegal, unethical or improper conduct. The Security & Compliance Analyst acts as staff to the Information Security & Compliance Officer by monitoring and reporting results of the compliance and ethics efforts of the company and in providing guidance on matters relating to reporting and compliance.
Responsibilities:
-
Creation and on-going support of a vulnerability management program to provide assessments of security and vulnerabilities of infrastructure systems.
-
Strong focus on constant remediation efforts coordinating with various internal business and Tech teams.
-
Supports, maintains, and recommends changes to policies and procedures for the general operation of the compliance program and its related activities to prevent illegal, unethical, or improper conduct.
-
Conducts log analysis and monitors security systems to identify potential security incidents
-
Collaborates with other departments (for example, human resources, -and I.T.) to direct compliance issues to appropriate existing channels for investigation and resolution to ensure data privacy and protection
-
Investigate and report on alleged violations of rules, regulations, policies, procedures, and standards of conduct by evaluating or recommending the initiation of investigative procedures.
-
Monitors, and as necessary, coordinates compliance activities of other departments to remain abreast of the status of all compliance activities and to identify trends.
-
Identifies potential areas of compliance vulnerability and risk, develops, and implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future.
-
Researches and provides reports on a regular basis and as directed or requested, keeps the compliance group and management informed of the operation and progress of compliance efforts.
-
Stays up to date with the latest information security trends, threats, and technologies
-
Provides reports and findings as part of the responses to Information Security questionnaires.
-
Assists with monitoring the performance of the compliance program and related activities on a continuing basis, taking appropriate steps to improve its effectiveness.
-
Provide input on policies, procedures and implementation of security and compliance program.
-
Assists in the development and reviews of Standards of Conduct to ensure continuing currency and relevance in providing guidance to management and employees.
-
Makes recommendations for process improvements through lean manufacturing principles to include KPI's.
-
Other duties and responsibilities as assigned
Required Skills and Abilities:
-
Solid knowledge and understanding of information security practices and policies specifically following NIST standards
-
Experience developing, implementing security policies, procedures, and standards to ensure compliance with industry best practices
-
Experience within incident response, vulnerability management, host/network forensics, cyber-crime investigation, penetration testing, business continuity, or cyber threat intelligence
-
Experience with log analysis tools and techniques
-
Knowledge of network scanning tools (e.g., Nmap) for vulnerability assessment
-
Deep understanding of cyber incident response processes and procedures
-
Familiarity with network forensics including PCAP analysis, network security, and IDS/IPS analysis
-
Understanding of Cyber Threat Intelligence and Cyber Security Awareness concepts
-
Hands on knowledgeable with various security infrastructure tools such as intrusion prevention/detection systems, anti-virus/endpoint detection and response, proxy servers, email controls, and SIEM
-
Ability to perform risk analysis and communicate that risk to others
-
Experience in a 24x7 production and or manufacturing enterprise
-
Strong knowledge of network protocols and technologies (TCP/IP, DNS, DHCP)
-
General system and/or network administration experience in a Windows environment.
-
Cloud Security Experience (AWS and Azure)
-
Understanding of Network File System (NFS) concepts
-
Proficiency in remote access software and VPN technologies
-
Experience with virtualization technologies (e.g., VMware, Nutanix AHV)
-
Understanding of Continuous Integration/Continuous Deployment (CI/CD) methodologies
-
Teamwork Orientation
-
Technical Capacity
-
Thoroughness
-
Time Management
-
Customer/Client Focus
-
Flexibility
-
Good analytical problem-solving skills
-
Must be flexible and adaptable to be successful in a fast-changing environment.
Education/Experience:
-
Bachelor’s Degree or higher in Engineering, Technology or related field
Physical Demands:
The physical demands described here are representatives of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Regularly required to sit for long periods of time; frequent hearing and talking required. Extensive keyboarding. May be required to lift up to 40 lbs.
Note: PCI Group retains the discretion to add to or change the duties of this position at any time.