Information Security Analyst - Scottsdale, United States - Consumer Cellular

    Description
    Job Summary

    Supports Consumer Cellular and Information Security Governance and Compliance programs to include:


    Information Security, PCI and SOC controls, gap analysis, maintenance, remediation, security awareness and secure coding techniques using a compliance framework.


    Participate in the coordination and execution of the planning and performance of regular control activities, while working directly with the technical and business stakeholders.

    Interface with internal and external compliance and audit personnel to identify appropriate risk factors, assess the adequacy of existing controls and drive remediation of control weaknesses to ensure compliance requirements are met and maintained.


    Assist in the implementation and management of a continuous monitoring and compliance program to reduce audit fatigue and gain efficiency.

    Collect, review, and maintain artifacts required for compliance activities in a secure internal repository. Collaborate with internal stakeholders on a regular cadence to discuss, collect, and review this information.


    Assist in the selection and implementation of a formal GRC tool to help the organization accurately identify and manage risk in various areas (such as IT, assessment gaps, third-party risk, etc.).

    Responsibilities


    Support efforts to identify risk to the business, quantify/rank risk so the initial impact is visible, work with internal stakeholders to identify ways to remediate/mitigate risk, and manage residual risk to acceptable limits using internal process and documenting in the risk registry.

    Support the continuance of the company's Information Security Compliance programs, including PCI and SOC, and other related compliance needs as identified.

    Support the annual PCI Audit as liaison.

    Validate internal resources, conduct internal artifact collection, support technical interviews, and perform other support activities for this required audit with the required level of attention to detail to ensure successful completion on time and under budget.

    Drive Compliance and Privacy Awareness and training efforts throughout the organization.
    Maintain and, where necessary, write Information Security, Compliance, and Privacy policies and standards.
    Support Information Security Program growth and management.

    Assist in third-party assessments with external business partners and across assigned services resulting in certifications and attestations on time, within budget, while meeting key requirements.

    Work with process owners to develop and implement controls which meet the control objectives.

    Work with control owners to ensure testability of existing controls and regularly validate that control activities are being performed according to schedule (continuous monitoring).

    Support remediation processes to address control issues identified, including tracking and managing remediation action plans in a centralized location.

    Proactively identify existing and emerging IT risks and report up to IT/IS Management.

    Monitor processes and system configurations to ensure compliance with internal policies and procedures (continuous monitoring).

    Assist in the performance and organization of a periodic user access review process.

    Support efforts of status and performance reporting related to information security, compliance risk and controls effectiveness.

    Assist in standardizing general controls, including those managed outside of IT.

    Participate in the planning for disaster recovery and business continuity management programs.

    Support development of KPI and KRI to manage team performance and key risk that can impact organizational compliance and regulatory requirements.

    Lead internal projects and provide guidance/training to less experienced staff.
