Compliance & Security Analyst

Company:

The Judge Group, Inc.



Details of the offer

Location:
Horsham, PA

Description:
Our client is currently seeking a Compliance & Security Analyst
Position Summary:
Responsible for developing, implementing and administering plans, policies, techniques, and services ensuring ongoing compliance and security of company information resources. Support all information technology assessments and/or audits (PCI/SOX/other) of organizational automated systems and processes, interpret results, and develop and communicate recommendations for improvement to management. Participate in review, development and maintenance of security policies. Perform and manage Supplier Risk Assessments. Recommends controls and monitors the effectiveness of the controls after implementation. Updates security plans resulting from application changes or hardware, software, or network modifications. Recommends and obtains approval for security standards or software and the assignment of levels of controls. Responsible for testing newly implemented security controls and procedures as implemented within the company. Provides security training and awareness delivery. Performs a security advocacy role and acts as a liaison with business units for issues related to information security and ongoing compliance maintenance.
Essential Duties and Responsibilities:
Other duties may be assigned. In the event of absence, duties for this position will be overseen by the position to which it reports.
Achieves compliance for PCI and SOX by coordinating and managing the actions of teams across the organization and being the primary liaison between internal/external auditors and all business stakeholders.
Identify and document security vulnerabilities and weaknesses in the environment such as unauthorized access potential, non-compliance with defined standards, etc.
Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization.
Develop and/or maintain expertise in identifying security risks in the hardware, software, and systems used by the organization.
Develop risk/vulnerability assessment programs and questionnaires to identify and/or address identified security risks.
Perform and/or respond to information technology assessments, penetration tests, and/or audits of organizational automated systems and processes, interpret results, and develop and communicate recommendations for improvement to management.
Provide security awareness training to organization employees. Administer and manage the Security Awareness Training Program (research and update content, rollout, employee training participation verification, reporting on hosted LMS).
Perform and manage an internal Continuous Compliance Monitoring Program
Lead coordination of any IT security related incidents and be the point of escalation for enterprise security incidents.
Assist with incident response through the life cycle, including follow-up with lessons learned and remediation measures to prevent similar future incidents.
Develop, maintain, report on security program metrics to measure program effectiveness.
Perform and manage Supplier Risk Assessments
Review and verify security patch processes to ensure critical patches are applied to systems properly and work with system owners to remediate.
Performs product evaluations, recommends and implements enterprise security products/services. Validates and tests security architecture and design solutions to recommended vendor technologies.
Provide reporting metrics/create and maintain dashboards for department functions.
Proficient in the use of Word, Excel, Project and Visio
Assist manager/director in planning, time budgeting and scheduling work for completion.
Participate in opportunities that enhance personal and professional growth and the accomplishment of career objectives through continuing education, seminars and participation in field-related professional organizations.
Accountable for execution of assigned tasks from start to finish, while fully leveraging the disciplines expected of a compliance and security analyst role according to department standards, procedures and processes.
Stay current with emerging issues affecting the Cybersecurity profession.
Qualifications (Include Education and Specific Experience)
Strong experience with IT security standards and best practice frameworks (like ISO 27001/27002, NIST, ITIL, PCI, SOX, HIPAA, FISMA, etc.).
Ability to work with subject matter experts, vendors, and 3rd party MSSP to coordinate activities to complete compliance/security related projects or tasks in a timely manner.
Knowledge of hardening concepts and audit for Unix, Linux, Windows servers and desktop systems.
Knowledge of common application vulnerabilities, current threat vectors and mitigations.
Knowledge of IP protocols, networks, security architectures and security threats.
Experience with network and application vulnerability scanners (like Nessus, Nmap, AppScan, Burp, OWASP, ZAP).
Experience with GRC tools
Experience with IP networking, networking routing protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, WAF devices, proxy services, DNS, email, Active Directory, LDAP, and access-lists.
Knowledge of internet and web application security techniques (like SANS, OWASP).
A Bachelor's degree in Computer Science, Information Security Management, Engineering or equivalent is required.
Security certifications like CISA, CISSP are highly desirable.
Contact:

This job and many more are available through The Judge Group. Find us on the web at www.judge.com


Source: Dice

