Position Details:

The Information Security Analyst II will support the security policies, practices, procedures, and technologies in order to ensure the protection of networks, systems, applications, and data. This role will be looked to as an information security expert within the organization, helping ensure corporate security controls are effective. This role will also be involved with day-to-day security operations by responding to security events of interest and recommending corrective action by working with IT and non-IT team members.

This job is responsible/accountable for supporting the processes and objectives of the Governance, Risk, and Compliance (GRC) function and Payment Card Industry (PCI) Compliance Program within the Information Security department.

We are looking for an Information Security Analyst II who will:

• Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to: Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), emerging state and Federal privacy laws, and general security auditing
• Participate in a vulnerability management program that includes: external and internal vulnerability scans of applications and systems, external and internal penetration tests of applications and systems, the documenting and remediation of identified vulnerabilities and exploits, routinely monitoring various communication avenues for security vulnerabilities and security patches, taking a risk based approach comparing those security vulnerabilities and security patches across the operating environment, and making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
• Participate and represent the organization’s security interests in third party and customer contract reviews
• Facilitate and manage the policy exception, risk acceptance, policy management and other GRC workflows within the security function.

Is this opportunity right for you? We are looking for candidates who has:

• College degree: Management of Information Systems, Information Security, Business/Accountancy (auditing focus), related field, or equivalent experience
• Experience with audits, controls, and PCI and/or ISO requirements
• Experience administering and creating workflows in GRC tools
• Experience working in a highly-regulated environment
• Qualified and successful candidates will have at least 2 years of experience working within information security or IT audit roles or 3-5 years in information technology.
• Working knowledge with IT security, compliance, and regulatory requirements, such as: Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), Healthcare Information Privacy Protection Act (HIPPA), state and Federal privacy laws
• Advanced knowledge of IT security concepts.
• Certified Information Systems Auditor (CISA)
• GIAC Security Essentials (GSEC)
• Other Governance, Risk, Compliance, Audit, or Security certifications
• CLT contract model