Information Security Analyst
TBD Kendall, FL 00000
Information Security Analyst (#7893)
Specific Job Summary
The Information Security Analyst supports the Information Security Governance, Risk and Compliance leader and department in performing security risk and compliance assessments in accordance with relevant industry frameworks (e.g., COSO, ISO, NIST, COBIT) and compliance requirements (e.g., SOX, PCI-DSS, GLBA), third-party security reviews, contract reviews, processing security exception requests, and working with control owners to understand, prioritize, and address security risks impacting the Company. This position is an Individual Contributor.
- PCI-DSS Compliance Program Execution
- Corporate Compliance and Risk Management
- Third Party / Cloud Security Assessments
- Internal Application Compliance Assessments
- Provide security support to non-security IT associates
Specific Expected Contributions
- Responsible for managing the company security risk management processes to review the state of compliance and identify potential gaps and risks related to any engaged security service or application either internal or external.
- Functions as the lead technical internal resource (as key technical internal company PCI Assessor, PCI-ISA) to coordinate and execute the annual PCI-DSS Assessment.
- Perform risk assessments for systems and projects using established industry frameworks
- Perform security risk assessments for third party and Cloud service providers.
- Work closely with development and engineering teams end-to-end in releasing secure and compliant infrastructure and applications
- Operate the security exception and risk management process, track security exceptions, help develop mitigating controls, and oversee mitigating control development.
- Maintains proactive communications with customers/partners on security and compliance related issues, informing senior management in a timely manner
- Maintains knowledge of security principles and assures that the existing environment retains compliance with up-to-date security standards and addresses emerging threats
- Day-to-day managerial tasks as assigned
- Interfaces with Internal Controls, Internal Audit and External Auditors as required to satisfy any audit related policy and compliance deliverables or work items
- Able to travel up to 20%
Major Decision-Making Impact:
- Assess risks associated with the computing environment and recommend mitigating controls to management for consideration within the MVW global computing environment.
- Evaluation and recommendation of security policy & compliance related technologies
- BS/BA in Information Security or other IT related degree preferred;
- Information Security professional or PCI certification preferred (e.g. CISSP, SANS GIAC, PCI QSA/ISA, etc.)
- 7+ years' work experience in Information Technology or similar position or having equivalent skills and experience is highly desired;
- 3+ years conducting or leading PCI and/or security risk assessments;
- Knowledge and experience with established industry standards, frameworks, and regulations including but not limited to: ISO 27000 series, COBIT, COSO, NIST SP 800-53, PCI DSS, and Cybersecurity framework
- Technical Specialization in Information Security
- Technical Integration, background in one or more domains within Information Security
- Ability to provide exceptional Customer Service Orientation
- Global Orientation
- Excellent Communications skills (Listening, Persuasiveness, Oral, Written)
- Demonstrated Leadership skills (Impact, Involvement, Change Management)
Location: Orlando, FL
Duration: 6-month Contract / High potential for extension