Tom Gugger
Independent Recruiter
tgugger@bex.net
This is a career position with an established profitable company. They
are a leader in their industry and continue to grow even in this
economy. The company is located in the greater Fort Wayne, Indiana
area.
If interested and qualified, email resume to tgugger@bex.net. Make
sure your resume reflects your experience with SOX, PCI, and other
needed or highly desired skills.
IT Security, Risk, and Compliance Analyst
FUNCTION
Responsible for providing IT and security governance and support for
the entire organization, focusing on all aspects of data compliance,
with particular emphasis on Sarbanes-Oxley (SOX), PCI, and other
industry and regulatory compliance requirements. Work closely with the
functional business leaders, Sr. IT Director and Infrastructure
Manager to manage the balance between business needs and corporate
standards.
ESSENTIAL DUTIES & RESPONSIBILITIES (Note: Other duties may be
assigned)
• Lead the development, implementation and maintenance of a Risk
Assessment model.
• Assist with the development and implementation of information
classification and control policies and procedures.
• Remain current with changes in the information resources security
legislation and regulation.
• Develop, implement and maintain an annual Risk Assessment review of
information systems.
• Conduct periodic reviews of information security policies,
procedures, and compliance. Prepare reports of findings for review by
Management.
• Assist various business units to implement and maintain information
resources security.
• Conduct periodic audits of various applications and systems to
ensure information security processes and procedures are effective.
Develop and distribute reports that include findings and recommended
remediation steps.
• Assist with the investigation, documentation, and response to all
suspected information security events.
EDUCATION AND/OR EXPERIENCE
• Bachelor of Science in Information Systems/MIS, computer science,
business or related field or equivalent experience
• 3+ years' experience administering and supporting IT security, risk
and compliance program(s)
• Experience with Sarbanes-Oxley section 404 compliance
implementation and monitoring required
• Experience in developing policies, procedures, technical
configuration standards and guidelines
• Experience in developing and implementing compliance monitoring
processes and procedures
• Experience with formal project planning and risk assessment
methodologies
• Experience conducting risk assessments and system/application
reviews
• Experience preparing management reports, remediation plans, and
related planning documents
• Experience with Payment Card Industry Data Security Standard
(PCI-DSS) implementation and monitoring preferred
• CISSP or CISA certification preferred
KNOWLEDGE, SKILLS, AND ABILITIES
• Extensive knowledge of IT security and compliance standards and
regulations
• Ability to build and maintain good rapport with internal and
external customers and handle situations with confidence, tact and
resourcefulness
• Strong project management skills
• Strong written and oral communication skills