Security Analyst - Compliance
Security | Arlington, TX | Full Time
The Cybersecurity Analyst is responsible for executing a portion of our client's Cybersecurity Program designed to advise the organization on its management of Cybersecurity risk by organizing information, enabling risk management decisions, and addressing threats to ensure the security of company systems and information assets. The Cybersecurity Analyst is responsible for contributing to the success of comprehensive security initiatives, work with internal and external groups to ensure the program is operating effectively and efficiently, and develop strong partnerships with business partners across the enterprise to ensure company information assets are protected at the appropriate level.
- Ensure that the Cybersecurity awareness program meets and communicates all policies, standards, and compliance requirements
- Monitor changes to Cybersecurity awareness and proactively identify the need for changes to existing policies, standards, and procedures based on Cybersecurity Awareness controls.
- Stay aware of the employee risks associated with Cybersecurity and provide training and awareness for staff to better protect our client's Cybersecurity ecosystem
- Ability to facilitate training material in a face to face training settings or by teleconference
- Utilize GRC tools to map and input controls from various frameworks and performing assessments once controls are mapped
- Working knowledge and/or experience with Security training and awareness tools.
- Knowledge of a Learning Management System(s).
- Maintain and modify a metrics framework that effectively measures employee participation in Cybersecurity awareness.
- Knowledge of current phishing trends.
- Ability to form complex communications or messages in a simple, clear, and concise manner to the various organizations within our company. These communications will be distributed to team members and translated to multiple languages.
- Ensure compliance with all applicable internal and external Cybersecurity requirements.
- Demonstrate awareness of all information security trends and vulnerabilities that lead to Cybersecurity awareness needs.
- Knowledge of various information security and risk frameworks/standards (ISO 31000, ISO 2700x, NIST 800 series, etc.).
- Ability to communicate in a clear and concise manner with all levels of an organization, and convey complicated technology and security concepts to technical and non-technical stakeholders.
- Excellent project management and organizational skills with the ability to meet deadlines and quickly establish clear priorities.
- A minimum of 5-10 years of experience in large and complex business environments with a successful track record working directly with senior level management with at least 3 years of experience in one or more of the following domains: Access Control, Telecom and Network Security, Cybersecurity Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance.
- Experience mapping and inputting controls from a host of frameworks such as NIST, ISO etc..
- Experience is performing risk assessments and presenting results to influence Cybersecurity decisions
- Experience with GRC tools such as ServiceNow and Archer
- Must have demonstrable experience leading collaborative programs and projects with senior level management
- Experience in the financial services industry preferred
- Bachelor's Degree or equivalent experience strongly preferred
- Information Security Certifications strongly preferred