Information Security Analyst - Long Term Contract REMOTE

For our direct client, a global firm, we seek an experienced Information Security Analyst for a REMOTE long-term contract (18-24 months) position.   

Please note that this role is fully remote and the selected candidate will not be expected to report to any onsite location, but the selected candidate must be able to work East Coast hours.

Responsibilities include:  

•    Plan for and coordinate multiple Service and Organizations Controls (SOC) 2 readiness assessment and examination streams for several business and technology areas, coordinate auditor and key stakeholder meetings, gather requested evidence, track and report on progress and provide updates to stakeholders.
•    Work closely with technology and business stakeholders to clarify compliance requirements and drive implementation of process improvements; provide leading practice and current guidance to control owners; assist in ensuring that controls are appropriately designed, effective and formally documented following global policies.
•    Prepare executive management reporting on the status of SOC2 efforts and support the management of project risks.
•    Identify methods to leverage testing for several certification, internal audit and attestation purposes and efficiently coordinate relevant activities.
•    Oversee activities to ensure that audits are planned in advance, considering scope overlaps, stakeholder outreach and resource limitations, and managed according to procedures. Develop and implement PMO processes.
•    Identify trends and propose robust solutions for challenges. Identify themes in information protection audit observations and suggest solutions to address them efficiently, based on industry experience, leading practices and global technology group context.
•    Collaborate with other ITS Global teams, advising on a suitable approach for auditable information protection practices and audit success, while ensuring minimum burden on business-as-usual activities.

 

Key accountabilities (% of time: accountability)

•    40%: Plan for and coordinate assessments for in-scope business and technology areas. Includes coordination of auditor and key stakeholder meetings, gathering requested evidence, tracking and reporting on progress and providing updates to stakeholders.
•    10%: Prepare executive management reporting on the status of information security audit efforts, support the management of project risks and create dashboards for the audit efforts, audit results and remediation efforts.
•    20%: Identify methods to leverage testing for several certification, internal audit and attestation purposes and efficiently coordinate relevant activities.
•    10%: Follow and enhance project management activities for information protection assessments and their management.
•    10%: Identify trends and propose robust solutions for challenges. Identify themes in information protection audit observations and suggest solutions to address them efficiently, based on industry experience, leading practices and global technology group context.
•    10%: Collaborate with other teams, advising on a suitable approach for auditable information protection practices and audit success, while ensuring minimum burden on business-as-usual activities.

Skills:

 

•    Minimum 4 years of experience in information protection, including performing and managing information protection (security and privacy) controls assessments, such as those based on ISO27001, ISO27017 and SSAE18 / System and Organization Control 2 / SOC2 for cloud platforms (internal and / or external assessments).
•    Program and project management skills and experience. Proven track record of leading multiple projects or programs through the management of teams of cross-discipline specialists. Ability to multi-task, adapt strategy based on competing priorities and work independently within a global team. High-quality results delivery with attention to detail.
•    Experience of senior stakeholder management (including the ability to efficiently articulate challenges), and the ability to apply a forward-thinking mindset, develop service strategy and understand business impact.
•    Information security auditing experience and certifications a plus, such as CISA or Certified ISO 27001 Lead Auditor.
•    Strong cloud information protection audit experience that includes scoping, planning, performing, managing, reporting and remediation monitoring activities.
•    Possess excellent business writing, reporting, presentation and communication skills in English.
 

•    Strong information protection assessment and technology operations knowledge. Knowledge of standards is a big plus: ISO27001 and ISO27001 as well as NIST 800-53 standards and cloud security.
•    Ability to manage multiple workstreams but also be hands-on when required. 
•    Excellent communication and presentation skills, including executive reporting skills
•    Information security certifications would be a big plus, such as CISA or Certified ISO 27001 Lead Auditor.

 

Education:

Bachelor’s degree in information systems or an equivalent combination of education and experience, along with two or more years of systems and network security experience.

Industry certifications, such as the Certified Information Systems Security Professional (CISSP) or the CompTIA Security+, are also sought.

 

 


 

   
Certifications & Licenses:
CISSP
Certified Information Systems Security Professional
Security+
 

Job ID: 4947
