Compliance Analyst

IT Security Compliance Analyst 

At Five Rivers IT, we build and service reliable IT infrastructures for midsized businesses. Five Rivers IT has been growing at a consistent rate of 30% a year for the last 3 years.

We are in search of an IT Security Compliance Analyst to join the dynamic team of professionals providing world-class IT services to its clients in the NYC metro area. This is a great opportunity for a self-starter with a proven track record to develop, implement, and support various initiatives in the area of governance, risk and compliance. 

Responsibilities:

• Maintain proactive ongoing compliance by utilizing GRC compliance tool to perform periodic security tasks and checks.

• Establish and manage Written Information Security Policies (WISP) ensuring a formal, defined, and consistent process for managing information security

• Perform Gap Assessment against established policy

• Liaison with Engineering/IT by coordinating requests for information and coordinating responses to any observations.

• Monitor and analyze security systems to identify irregularities that can lead to potential threats.

• Responsible for Incident Management, be readily available for: Incident documentation, ensure risk analysis and severity, manage containment, lead investigation, ensure proper notification protocol, conduct & document lessons learnt, Report on findings and to then communicate them to the client.  

• Conduct Vulnerability Management Program.

• Support and monitor remediation efforts of audit findings and validate the closure by reviewing relevant evidence.

• Provide actionable, technical advice to engineers to enhance security control design & effectiveness (including for cloud environments)

Required Qualifications:

• Bachelor's in Computer Science, Computer Engineering, Information Systems or related field or equivalent work experience

• Up to 2 years of experience managing Information Security audits (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA) 

• Experience implementing security techniques, practices, and controls that can be applied to address risks

• Experience operating as part of an Information security program in alignment with common information technology management frameworks such as ISO 27001, NIST, CIS, ITIL, COBIT, etc.

• Strong written and verbal communication skills

• Strong program management skills

• Experience working closely with auditors and/or external regulators

• Experience managing security tools

Preferred Qualifications:

• Experience with Audit Management tools

• Security certification e.g. Security+, Network +, A+ etc.

• Prior experience leading or managing security audits at a SaaS/Cloud company or as a Security Auditor at an audit firm

• Systems Admin or Network Admin experience implementing security controls

Other Details about the Job

• This job requires working for multiple clients across multiple environments in a managed services setting. 

• This is a Full-Time position.

• This role is a hybrid role with a minimum of 3 days in office but may require up to 5 days.

• All standard benefits are included such as medical/dental/vision insurance and vacation time.

• We encourage and reward professional certifications.

Please send your resume with the expected salary. Applications lacking expected salary will not be considered.