Security Analyst Compliance, Sr II - SSP
Audubon, PA
About the Job
Compliance Analyst
Audubon, PA
2-year contract
If interested, please send your resume to anita.olejnik@nttdata.com
Responsibilities:
- The ITS Service Management and Compliance department is responsible for the oversight and coordination of all compliance-related functions for the Information Technology and Services (ITS) division.
- The Compliance Analyst plays a key role in carrying out this responsibility, by maintaining a strong relationship with departments which support key information technologies such as applications, databases, networking devices, operating systems, SAN and storage devices.
- The analyst is responsible for helping IT systems administrators clearly understand internally and externally defined compliance requirements.
- The Compliance Analyst performs a variety of tasks related to analysis and to executing processes that support, document, and maintain the compliance posture of the information technology environment.
- In order to effectively perform these responsibilities, the ITS Compliance Analyst must have effective communication skills and a strong understanding of information technology and information security fundamentals and principles.
- Execute compliance processes for the lifecycle management of IT assets, validating security control configuration, and gathering evidence of compliance.
- Track and evaluate vendor security patch releases, documenting the patch releases for entry into the security patch deployment program.
- Participate in the Enterprise Change Management process, validating that changes to the technology environment are appropriately described, documented, and tested according to compliance regulations.
- Participate in the collection, preparation, and presentation of evidence for continuous compliance monitoring and self-certification of compliance.
- Participate in the definition and maintenance of compliance requirements for system and software design.
- Participate in the development and communication of effective strategies that support continual evolution of security and compliance practices for ITS.
- Identify and coordinate the update and approval of existing technical and process documentation to meet Documentation Review and Maintenance requirements.
- Participate in the evaluation, reporting, and mitigation of potential compliance violations.
- Participate in the enhancement of control activities to more clearly demonstrate compliance and minimize future audit exceptions, recommendations, etc.
- Develop and document specific recommendations to address instances of non-compliance. Track the timely implementation of approved recommendations.
- Identify and track instances of non-compliance via routine monitoring.
- Work with the Enterprise Information Security organization to ensure the configuration of compliance monitoring tools is updated to reflect changes in security control standards.
- Provide oversight of the ITS-owned control objectives and control activities.
- Participate in the creation or enhancement of security controls, control activities, and related evidence standards to ensure compliance with new or existing versions of the NERC CIP and SSAE16 standards.
- Participate in audits by Regional Entities and other Regulatory Authorities for those requirements owned by ITS.
- Participate as subject matter expert in interactions with external auditors.
- Actively identify opportunities for communication and training of ITS staff on items related to security and compliance.
- Conduct routine review and maintenance of existing documentation owned by ITS related to security and compliance.
- Facilitate the creation and approval of new security and compliance documentation as well as provide input into the framework for that documentation.
- Establish and maintain the framework for ITS documentation related to compliance.
The Company is an equal opportunity employer and makes employment decisions on the basis of merit and business needs. The Company will consider all qualified applicants for employment without regard to race, color, religious creed, citizenship, national origin, ancestry, age, sex, sexual orientation, genetic information, physical or mental disability, veteran or marital status, or any other class protected by law. To comply with applicable laws ensuring equal employment opportunities to qualified individuals with a disability, the Company will make reasonable accommodations for the known physical or mental limitations of an otherwise qualified individual with a disability who is an applicant or an employee unless undue hardship to the Company would result.
Source: SSP