Information Security & Compliance Analyst IV
Portland, OR - Added Dec 4th, 2018
Apply For this Opportunity
Back to Results
Information Security & Compliance Analyst IV
We are partnering with a local healthcare company to find excellent candidates for their Information Security & Compliance Analyst role, which is located in Portland and has the flexibility to work from home. In this position, you will develop and implement ongoing improvement of Information Security through evaluations of IT and business practices and facilitate resolution of IT Audit, Compliance, and information security-related issues. This includes a primary focus on security and control evaluation of potential and existing IT suppliers. You will provide technical and increasing leadership direction for a team responsible for establishing and implementing information security and compliance for the organization. If this role sounds of interest, read further and consider applying today!
Responsibilities:
- Provides guidance and subject matter expertise to IT and business teams on processes, controls and objectives around audit and information security activities, best practices and process improvement.
- Works with all facets of the IT organization to help define and evaluate the effectiveness of IT controls.
- Regularly reviews progress toward remediation efforts with IT and business leaders, technical teams, internal audit, and other key stakeholders.
- Evaluates effectiveness of IT controls against established standards to assure effectiveness and efficiency, and provides recommendations for improvement.
- Provides guidance and subject matter expertise to IT and business teams on processes, controls and objectives around audit and information security activities, and best practices.
- Interprets a variety of instructions, procedures, documentation, policies, standards, procedures, regulations, best practices and personal interviews to establish both current state and desired future state of systems and processes.
- Identifies issues, collects information and data to perform root cause analysis, establishes facts, and works to develop remediation plans.
- Assists in developing metrics and reporting to summarize overall results for information security
- Assists other areas of the department as needed or assigned to balance workload/further education.
- Works with IT and business Management to create clear, actionable plans detailing specific deliverables, timelines and accountability to resolve information security issues.
- Develops and regularly provides metrics and reporting to summarize overall activity for information security.
- Leads small project teams consisting of cross-functional staff to define, design, develop and implement security solutions.
- Develops Security Awareness Training content, and coordinates annual training activities.
- Supports daily operational security activities (such as Data Loss Prevention, and Vulnerability Scanning, HR and Legal investigations).
- Maintains Information Security Policy and Standards documentation, and manages waivers to policy/standard.
- Assists with quarterly and ad-hoc security and compliance scanning, and associated remediation efforts.
- Assesses potential and existing suppliers against established security criteria.
- Mentors peers and/or junior staff throughout the enterprise on information security and compliance.
- Leads large project teams consisting of cross-functional staff to define, design, develop and implement security solutions.
- Performs regular vulnerability scans against external assets, and against applications. Works with issue owners to develop remediation plans for issues identified during scanning.
- Manages detailed list of vulnerabilities, associated remediation activities and/or waivers.
- Develops Information Security Standards as required.
- Participates in IT Best Practice Exchange efforts (such as Application Development) as a security representative.
- Evaluates and implements new security technologies as required.
- Monitors for emerging security threats and vulnerabilities, and participates in Incident Response activities to remediate new issues.
Requirements:
- Bachelor’s degree and 9+ more years of business and/or systems experience including experience with:
- IT industry best practices and structured, analytical approaches to problem-solving, 8 years of which include experience working with project management, security, audit and/or other governance
- Minimum 3 years’ experience in a progressively responsible leadership/management position or an equivalent combination of education and experience.
- CISSP, CISA or equivalent certification required
- Strong understanding of security frameworks and standards ISO 27001, SOC-2, HIPAA, HITRUST, PCI
- Strong understanding of Cloud security and shared responsibility models for Software as a Service (SaaS) and Platform as a Service (PaaS)
- Experience building a trust program for a medical and/or consumer-facing cloud-based service a definite plus
- Excellent written and verbal communication skills with an ability to communicate with a variety of stakeholders including prospects and customers
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, disability or protected veteran status.
Job ID: AE589615124