Risk Management, Audit & Compliance Analyst for Stride at home (salary not disclosed) UCF
The Information Security Risk Management, Audit, and Compliance Analyst will collaborate with the Information Security team, business units, and partner organizations to perform risk assessments, compliance checks, and control gap analysis against information security policies and risk management standards. The Analyst will create, organize, and articulate summarized risk findings that are clear and actionable by business stakeholders, reduce risk by helping to prioritize and drive remediation efforts throughout the organization, and contribute to risk management, treatment, and reporting process efforts to protect data assets. The Analyst's role will help prepare for and facilitate assessments and examinations by qualified security assessors. The Analyst will represent the IT Security, Audit, and Compliance team on the Security Governance Committee and report findings and metrics to the committee.
Essential Functions, Duties, and Responsibilities:
(Reasonable accommodations may be made to enable individuals with disabilities to perform essential duties.)
- Knowledge of risk assessments and compliance with major regulatory initiatives (e.g., SOX, PCI-DSS, HIPAA, FedRAMP).
- Knowledge of cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
- Knowledge of information security risk management and IT controls frameworks and methodologies (e.g., ISO/IEC 27005, COBIT, OCTAVE).
- Knowledge of Risk Management Principles (risk avoidance, transfer, mitigation, acceptance), Risk Assessment process.
- Support security governance activities, including managing communication about security policies, standards, and control frameworks.
- Identify, assess, track, and report on security risks across the enterprise. Track risk decisions and remediation plans and communicate risks to technical and non-technical audiences.
- Develop reporting for management by analyzing IT security controls and risk exposure.
- Identify IT security risks to the business, work with the security team on client security reviews, and develop remediation plans for both when appropriate.
Supervisory Responsibilities:
This position has no formal supervisory responsibilities.
Certificates and Licenses: None required.
Required Qualifications:
- Three to five (3-5) years of experience in identity & access management, user administration, or security compliance OR
- Equivalent combination of education and experience, including prior relevant military service experience.
- Understanding of information security risk management and/or audit practices.
- Ability to develop relationships across functions and inspire trust and confidence through effective communication and interpersonal skills.
- Experience managing cybersecurity controls based on a thorough understanding of industry standards and regulations to protect the company from external and internal threats.
- Excellent communication and presentation skills (verbal and written).
- Project management planning and organization skills.
- Ability to identify, document, and communicate information security issues to business and information owners.
- Ability to maintain the confidentiality of sensitive information.
- Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.); Web proficiency.
- Ability to clear required background checks.
Desired Qualifications:
- Bachelor’s degree in computer science, Information Systems, Information Security & Assurance, Information Technology, Audit
- CISSP, CRISC, CISA, CGEIT, or other relevant information security certifications.
- Knowledge of relevant standards such as ISO/IEC 27000 family - Information Security Management Systems, NIST Cybersecurity Framework, NIST 800, and applicable laws related to regulatory compliance, information security, and privacy (e.g., SOX, HIPAA, GDPR, PCI-DSS)
- Experience developing and maintaining information security policies and standards aligned to regulatory or control frameworks such as NIST, SOX, HIPAA, FERPA, etc.
- Expertise in FERPA & SOX requirements and information security best practices.
- Prior experience in the Education industry is a plus.
- Knowledge and understanding of information technology and networking concepts.
- Knowledge of Common Controls Hub - Unified Compliance Framework (UCF)
- Knowledge of Standardized Information Gathering (SIG) Questionnaire
- Knowledge of Cloud Security - Cloud Control Matrix (CCM), Consensus Assessment Questionnaire (CAIQ)
Work Environment:
The work environment characteristics described here represent those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
For more info.: https://hubs.ly/Q029p46Q0
