Information Security Analyst

Take your career to the next level with eXcell. We offer jobs with Fortune 1000 companies nationwide AND invest in your career development using our leading-edge training program. Our client has a new opportunity for an Information Security Analyst to function as a member of the corporate information security team reviewing information security documentation and contract terms. The candidate will also coordinate and deliver corporate IT deliverables in response to audit requests and support identification of Information Security awareness training modules.Job Requirements:

• Client Contract and Document Inquiry Program Management
  • Principal responsibility entails being the Corporate IT primary point of contact for contracts, IS questionnaires, RFPs / RFQs, and collaboration with Corporate Legal and Compliance Teams
  • Documents requiring review by Corporate IT include the following (as applicable): Master Services Agreements (MSA), Business Associate Agreements (BAA), exhibits / addendums, IS questionnaires, and other inquiries as needed
  • Detailed review is required to ensure consistency from the client and its associated practices in committing to due diligence activities only within the scope of the company Information Security Policy (ISP) and company HIPAA Privacy Policies to the extent feasible
  • In addition, the tracking of said contracts to ensure internal service level agreements are met shall be an adjunct responsibility
• GCS IT Audit Coordination and Repository Support
  • Responsibility includes coordination of audit requests to ensure consistency of responses relating to shared services provided by Corporate IT
  • As need arises, this may also include coordination of responses from multiple practices to common clients
  • Additionally, responsibilities also include sustaining a network share infrastructure to facilitate enterprise interaction with independent auditors, and serving as the point of contact for Corporate IT team requests to ensure timely delivery and closure
• Compliance and Risk Management Program Management
  • Responsibility entails co-development of IS Compliance and risk assessment tools e.g., questionnaires, worksheets, and support documentation as needed for enterprise distribution
  • IS Compliance management also requires tallying of aggregate data for presentation in reports for the board

• Information Security Awareness Training Program Management
  • Administrative management of the Information Security Awareness Program via SaaS vendor, Security Mentor
  • Additionally, responsibilities shall include maintaining existing metrics for tracking employee and contractor compliance
• Contractual Obligations Repository
  • Assignment includes working with Corporate Legal Team and Corporate Information Security Manager to establish an enterprise repository for identifying contractual obligations based upon contractual commitments relating to breach notification and follow up

• 5-10 years of experience in risk management and / or information technology roles
• Information security experience with ISO 27001 / 2 and other industry regulatory controls (e.g. HIPAA) and compliance (e.g., SSAE18)
• CISSP or CISA certification preferred
• Cloud security control experience a plus
• Ability to interpret information security data and processes to identify potential compliance issues
• Ability to work within a globally distributed organization and understanding of international information security regulations
• Familiarity with information security related contract terms
• Excellent verbal and written communication skills including the ability to prepare documentation, policies and build consensus across a broad group
• Excellent project management skills including the ability to prepare prioritize and complete work plans
• Decision-making and problem-solving skills including the ability to clearly define and resolve issues
• Ability to clearly and effectively communicate Information Security matters to executives, auditors and end users
• Ability to work effectively and organize priorities independently
• Appropriate education such as a Bachelor's degree in Computer Science or a minimum of 3 to 5 years of information systems security or related experience
• Willingness to travel occasionally