-
ID
#6051768 -
Job type
Contract -
Salary
Depends on Experience -
Source
UNICON International, Inc. -
Date
2020-11-23 -
Deadline
2021-01-22
Security Analyst
California, Torrance, 90501 Torrance USAContract
Vacancy expired!
We are currently accepting resumes for a
Security Analyst in Torrance, CA.The selected candidate will perform the following duties:- Establish, Maintain and Enforce North America Regional and Local / Company-specific Information Security (Cybersecurity), Data Privacy, and GRC Controls, Policies, Procedures and Standards.Continuously monitor the status and effectiveness of all Information Security (Cybersecurity), Data Privacy, and GRC Controls- Develop Information Security (Cybersecurity) and Data Privacy processes and procedures and supports service-level agreements (SLAs) to ensure that effective controls and countermeasures are managed and maintained Ensure key risk indicators documented and are effectively monitored to prevent a negative impact on business objectives and brand reputation.- Ensure Remediation Plans and/or Compensating Controls are established to address risks or gaps identified by IT Staff or reported by internal and external auditors.- Establish continuous monitoring of all risks and gaps until they have been resolved. Compensating Controls must be re-evaluated at least annually to ensure they are still effective at addressing a risk or gap.- Maintain the Information Security & Risk Division’s Information Security (Cybersecurity), Data Privacy and GRC Policies, Procedures and Standards Documentation, including the associated repositories and portals.- Work with Business Units, Law Division, Internal and External Auditors to identify Information Security (Cybersecurity), Data Privacy risks, control requirements and standards using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:- Business System Analysis- Communication, facilitation and consensus building- Conducting Privacy Impact Assessments (PIA)- Preparing post-PIA reports and presentations to advise IT and business unit management regarding residual risks, vulnerabilities and other Information Security and Data Privacy exposures, including misuse of information assets and noncompliance.Facilitate and provide support for all internal and external audits or assessments, including state and federal regulatory agencies. Components of this activity include but are not limited to:- Coordinate with Internal or External Auditors to comply with their audit requirements, including compiling and organizing audit requirements such as documentation, formal attestations by business unit or IT representatives, providing- Assists in the coordination and completion of information security operations documentation.Provide Information Security (Cybersecurity) and Data Privacy thought leadership and guidance to IT Infrastructure and Application Development Units. Components of this activity include but are not limited to:- Support Information Security & Risk Division leadership in the development and implementation of strategies and campaigns to address risks or gaps and to reinforce Information Security (Cybersecurity) and Data Privacy practices, techniques and controls- Research, evaluate and recommend Information Security (Cybersecurity) and Data Privacy technologies, then developing business cases that effectively capture the both quantitative and qualitative characteristics of a technology project or proposal.- Work with IT Department to identify, select and implement appropriate technical controls for Information Security (Cybersecurity) and Data Privacy- Play an advisory role in application development or acquisition projects to assess Information Security (Cybersecurity) and Data Privacy requirements and controls and to ensure that security controls are implemented as planned.- Collaborate on critical IT projects to ensure that information security and data privacy risks and concerns are addressed throughout the project life cycle.- Partner with IT personnel and become a trusted resource and authority on information security and data privacy technologies, practices and techniques.- Partner with all companies involved to provide support and provide guidance on remediation/countermeasure plans regarding area requiring strengthening in security & privacy.- Monitor and report on remediation/countermeasure status monthly; working with the remediation owners.- Support GRC project activities as required to achieve unit level objectives; these may include but are not limited to: monitoring project progress, tracking non-compliant activities, resolving problems, publishing progress reports, remediation consultation, and driving remediation activities to completion.- Improve technical and business process by studying current practices, identifying problems and recommending solutions.- Support project managers as requested in performing daily, weekly, monthly, reviews and project updates.- Maintain and expand current documentation for policy & privacy compliance program activities as required in support of the daily operations.- Perform other assigned tasks as need for the GRC Unit as requested by leaders.- Support Third-Party vendor risk assessment processes; utilizing strategic partnerships with multiple internal stakeholder groups (procurement, legal, and business side operations).- Ensure companies are following all required Global & Regional policies/standards via assessments and audits of existing processes.- Partner with other internal non-IT, and external groups to stay aware the changing landscape e.g., new legislation and changes to existing legislation.Required Skills and Experience: - Bachelor's degree in information systems or equivalent work experience- 10+ yrs. experience with information security, privacy, or related field preferably in the captive finance or banking industries- Understanding of Third-Party Vendor Risk Management processes & practices (REQ)- General IT auditing process & practices (REQ)- Understanding of control framework NIST-800-53, ISO270001, & privacy legislation (REQ)- Min. of 5 years of direct exp. as Data Privacy Governance, Risk and Compliance (GRC) Analyst (REQ)- Strong proficiency in performing enterprise risk, business impact, control, vulnerability, and privacy impact assessments. In-depth knowledge of risk assessment methods and technologies. In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.- Industry-accepted Certification for Information Security or Data Privacy- Experience with common information security management frameworks, such as [International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST)] frameworks.- Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation.- Audit, compliance or governance experience is required- Experience implementing Generally Accepted Privacy Principles (GAPP) or COBIT- Experience in developing, documenting and maintaining security policies, processes, procedures and standards.- Experience developing and/or implementing a governance model for privacy and confidentiality.- Experience with consumer credit, consumer and/or retail services marketing, and supplier management is beneficial.- Experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.- Experience overseeing information security and/or data privacy projects from concept through implementation.- Strong understanding of business applications, including ERP and financial systems.- Excellent technical knowledge of mainstream operating systems [for example, Microsoft Windows and UNIX] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.- Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.- Must be self-motivated with strong analytical, organizational, planning and problem solving skills.- Strong technical and business writing skills, as well as strong communication skills.- Ability to communicate well with technical teams, executives, auditors and business owners and other stakeholders as required- Previous working experience with GRC and in Information Technology with defining, analyzing, and documenting process, procedures related to disciplines within IT- Understanding of regulated environment or related IT audit background and Information security related projects.- Demonstrate extensive knowledge of Third-Party Vendor Risk Management- SOC2 Type 2 report analysis- Data Security Safeguard Agreements (DSSA)- Contractual review processes- Penetration test results analysis- HITRUST and ISO Certification analysis- Demonstrate knowledge of Risk Management Processes- Risk triage process- Risk exception process- Demonstrate broad competency and understanding in a variety of areas:- Governance, Risk, & Compliance general practices and operational activities- Policy development- Standards development- Risk Management- Compliance- Privacy- EU GDPR- CCAP- NY Privacy Shield- Security- Traditional security (App, OS, DB, and Network)- Mobile application security- Cloud security (IaaS, PaaS)Preferred Skills and Experience: - Automotive Captive Finance/BankingUNICON International, Inc. is an Equal Opportunity Employer.If you are interested in working for an organization where honesty, integrity and quality are among the core principles then click apply today!Keywords: governance, compliance, risk, data security, security certificationVacancy expired!
Report job
Related Jobs
