Security Compliance Analyst I - Easterseals Southern California
Irvine, CA 92602
About the Job
The Security Compliance Analyst I is responsible for performing risk and compliance tasks and assessments of IT processes and systems. Provides support for information security processes; operates other software to assess vendor security & privacy, provides audit and regulatory support, and produces policy and standards documents. Performs regular access reviews for critical systems. Plays a crucial role in protecting an organization’s information systems by identifying and mitigating potential security risks. Maintains the security and integrity of an organization’s information systems.
Hiring Range: $66k - 82k / Year
Responsibilities:
ESSENTIAL FUNCTIONS:
- Assists with the implementation of the corporate information security governance and compliance efforts (e.g., NIST, CIS Controls, SSAE16/SOC, HITRUST, etc.).
- Performs internal security and privacy compliance assessments based upon identified controls.
- Performs security assessments for third party vendor or partner relationships with the ability to read and assess compliance documents such as SOC2 and HITRUST attestations or certifications.
- Assists in developing and implementing security program governance, compliance frameworks, processes, policies, standards, and work instructions.
- Provides KPIs, metrics and recurring reports to management.
- Participates in the implementation and continuous improvement of the ESSC Security Program.
- Participates in Incident Response and Disaster Recovery planning and exercises.
- Performs regular access reviews for critical business systems.
- Performs other duties as assigned.
EDUCATION:
- Security+, CISA, CISSP, CISM or other information security certifications preferred.
- Bachelor’s Degree: Typically, in Information Technology, Business, or a related field is preferred.
EXPERIENCE:
- 2-5 years of experience in Information Security/Compliance.
- Experience with information security, internal & external audits, contract compliance, and quality initiatives.
- Experience driving compliance-related activities such as SOC2 readiness & audit support.
KNOWLEDGE, SKILLS, ABILITIES:
- Must pass all drug testing required by ESSC and if required, a post-offer physical evaluation.
- Ability to obtain and maintain a criminal record/fingerprint clearance from the Department of Justice and Federal Bureau of Investigation, per Easterseals of Southern California and/or program requirements.
- Understanding and application of security best practices, risk management, regulatory, contractual, and relevant statutory requirements (HIPAA, CIS Critical Controls, NIST, ISO 27001/2, SOC2).
- Knowledge of applicable laws and practices relating to information privacy and security.
- Firm understanding of risk management principles.
- Demonstrated knowledge of business software and hardware, knowledge of security related applications, familiarity with ticketing systems, and strong customer service and organizational skills.