IT Security Analyst - Risk and Compliance (Part Time) - Phillips and Cohen Associates : Job Details

IT Security Analyst - Risk and Compliance (Part Time)

Phillips and Cohen Associates

Job Location : Wilmington, DE, USA

Posted on : 2025-10-10T12:35:20Z

Job Description :
IT Security Analyst - Risk and Compliance

Overview:
The person in this position, under general direction, ensures the PCA IT Security Control Framework is in compliance with federal, state, local, industry and client security requirements. Develops, tests, documents, evaluates and tracks IT compliance controls, identifies gaps and improves them, and carries out execution of defined Security Controls and evidence collection. Collaborates with internal and external audit teams, IT management, cybersecurity teams and other stakeholders to ensure IT compliance programs and IT Security Policy deliverables are met.

The IT Security Analyst will be a key member of the Information Security team responsible for coordination of audits, control definitions, QA testing oversight, procedure creation and/or enhancement, and security and awareness training. Success in this role requires a good understanding of information security best practices, IT infrastructure and applications, as well as identity and Active Directory security knowledge. The analyst must have the ability to understand and communicate risk and controls. Must have strong organization and planning skills and good communication and writing skills.

Responsibilities

Risk Management:
  • Assist in identifying potential IT-related risks (security, operational, technological) through various methods. This should include third-party service provider risks.
  • Participate in the evaluation of identified IT risks by assessing their likelihood and potential impact.
  • Support the development and implementation of IT risk mitigation strategies and controls.
  • Provide on-going evaluations and validation of IT control effectiveness.
  • Actively track and communicate restraints, conflicts, or gaps in existing IT processes as well as cross-functional team remediation efforts related to IT risks.
  • Assist in System Audits and Security Assessments.
  • Interpret Audit results and make conclusions on the adequacy and reliability of IT controls.
  • Participate in other risk and compliance-related projects as assigned.
Compliance:
  • Execute IT Security control evidence gathering and approvals.
  • Coordinate controls evidence generation, review, approval, and storage for IT controls.
  • Outline clear and effective evidence collection and storage of IT control activities.
  • Establish a Central Repository for all IT evidence and maintain a library of responses.
  • Perform compliance gap assessments, particularly within the IT environment.
  • Review, document, evaluate, and test manual and computer controls (IT general controls and application controls).
  • Coordinate the responses to compliance findings and the identification of response evidence related to IT.
  • Develop, track, and publish compliance metrics related to IT controls.
  • Communicate updates on IT compliance controls performance to management.
  • Implement and/or leverage technology to effectively collect, store, and share the evidence associated with IT controls activities.
  • Provide training to third-party compliance assessors on organizational IT tools, resources, and repositories for the collection and review of controls-related evidence before each audit.
  • Capture and store policy exception approvals for easy access and use during yearly assessments, particularly those related to IT.
  • Generate Windows and Active Directory-related evidence for controls assessments.
  • Perform tasks and functions as assigned by IT Management.
General Tasks:
  • Coordinate and maintain the security awareness training necessary to ensure adherence to organizational policies, standards, and overall security controls.
  • Assist in the coordination of yearly security incident response effectiveness testing.
  • Analyze data to identify IT risk and compliance trends and patterns.
  • Collaborate effectively with various departments across the organization to embed IT risk and compliance considerations into their processes.
  • Assist in developing and delivering IT risk and compliance training materials.
  • Utilize risk management and compliance software and tools effectively.
  • Stay updated on the latest IT risk management techniques, cybersecurity regulations, and industry best practices.
  • Perform tasks and functions as assigned by IT Management.
Required Education/Experience:
  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology or a related field, or equivalent experience.
  • 2+ years' experience in an IT-related field.
  • 1+ years' experience in IT Audit, compliance or controls assessments.
  • Certification in Security, Audit or Risk management a plus; CISA, etc.
  • Working knowledge of Windows operating systems.
  • Working knowledge of Active Directory.
  • Strong analytical and problem-solving skills.
  • Solid understanding of IT Controls and objectives, Control Mapping, Audit Protocols.
  • Working knowledge of Applications, Databases, SaaS and Cloud applications.
  • Some knowledge of computer Networks, Servers, IAM Solutions, Incident Response a plus.
  • Excellent communication skills with an emphasis on follow-through, tracking and meticulous attention to detail are required.
  • Ability to work independently, adjust priorities, and work in a continuously changing environment.
  • Ability to work successfully in a deadline-driven, team environment.

About Phillips & Cohen Associates, Ltd.
PCA provides Equal Employment Opportunity for all individuals regardless of race, color, religion, gender, age, national origin, disability, marital status, sexual orientation, veteran status, genetic information and any other basis protected by federal, state or local laws, and reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of our jobs.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.