Sr. Compliance Analyst
FUTURALIS, United States
Job Description
Futuralis Tech is a global technology consulting firm raising standards in cloud services. Our mission is to help clients harness the benefits of the cloud. Our holistic approach integrates all aspects of IT into the overarching cloud strategy to reduce costs, increase efficiency and improve security.
Are you passionate about developing simple, elegant solutions to complex problems? Do you like working closely with customers and delighting them with amazing user experiences?
Requirements
Review, update and author policies that adhere to industry best practice and meet compliance concerns (e.g. ISO, SOX, PCI, GDPR, Cyber Essentials Plus, Cloud Security Alliance, etc.)
• Conduct internal assessments for security risk and compliance
• Assist in the determination if gaps in security design or controls exist and provide recommendations for remediation or mitigating controls
• Develop, and report on security metrics
• Deliver security awareness training and phishing campaigns to enable a security aware organization
• Work with Audit to support necessary external assessments of the organization, such as IT’s adherence to SOX or Security’s maturity
• Maintain a working knowledge of applicable compliance drivers (SOX, PCI, GDRP, CCPA, CMMC, etc.). and keep abreast of developing regulatory changes and assist in providing guidance to assess new requirements.
Required skills and experience for this role:
• Bachelor's Degree
• 7+ years’ experience in information security, compliance, internal audit or similar role
• Solid understanding of implementations of identity and access control, change management, vulnerability management, patch management, data loss prevention, SDLC, cloud technology, vendor management, business continuity and disaster recovery.
• Experience with and understanding of various privacy regulations (e.g. CCPA, GDPR, etc.) and information security management frameworks (e.g. NIST CSF, ISO 27001, CMMC, etc.)
• Experience performing security assessments
• Excellent written and verbal communication skills
• Strong multi-tasking skills and ability to juggle multiple projects
• A self-starter with a high level of initiative, attention to detail and ability to work independently and effectively under minimal supervision
• Ability to learn quickly and willingness to take ownership of new projects
• Ability to research and learn new regulations, compliance frameworks and information security technologies
• Experience delivering security awareness training
• Proven track record of cross-functional collaboration to remediate gaps, implement policies and procedures, assure external parties, and build security culture while keeping business needs top of mind
• Experience authoring information security policies, standards, and procedures
Preferred qualifications:
• CISSP, CISA or similar certification(s)
• Solid documentation skills - process maps, requirements documents, Visio diagrams, etc.