Senior Information Security Compliance Analyst

Location: Remote/New York

Description:

The Senior Information Security Compliance Analyst (SISCA) will be responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. In carrying out these functions, the SISCA’s responsibilities include the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks.

The SISCA will report directly to the Director of Compliance and InfoSec Risk and will work closely with BlueVoyant’s Chief Information Security Officer in collaboration with the internal security team.

Duties/Responsibilities:

●    Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.

●    Map BlueVoyant requirements and regulatory requirements across the information security framework to identify overlapping requirements and compliance efficiencies.

●    Prior experience with supporting a FedRAMP compliance program is very important to this role. This experience may include: development of policies and procedures, conducting compliance assessments against FedRAMP requirements, and navigating the journey of achieving FedRAMP compliance.

●    Track enterprise compliance across multiple security frameworks, including SOC 2, FedRAMP and CMMC, and maintain up-to-date records of requirements and corresponding mitigating controls.

●    Monitor third-party risk assessments and assist in performing internal risk assessments.

●    Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.

●    Monitor BlueVoyant’s change management process to ensure compliance.

●    Develop key performance metrics to track and ensure compliance with established policies and standards.

●    Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.

●    Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.

Requirements:

●    Bachelor’s degree in business, with IT audit or compliance experience, or computer science, with business and IT audit or compliance experience desired

●    Knowledge and understanding of FedRAMP, CMMC and SOC 2 information security standards

●    Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO highly desired

●    Minimum five years’ experience conducting security control assessments or audits

●    Minimum two years’ experience developing or managing a security awareness program

●    SOC 2 audit experience from a major professional services firm highly desired

●    At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISAAP) highly desired

●    Strong oral and written communication skills

●    Ability to maintain security documentation and manuals

●    Must have strong analytical and critical-thinking skills

●    High level of attention to detail; a self-starter with the ability to work independently, multitask and adjust to shifting priorities

About BlueVoyant

At BlueVoyant, we recognize that effective cyber security requires active prevention and defense across both your organization and supply chain. Our proprietary data, analytics and technology, coupled with deep expertise, work as a force multiplier to secure your full ecosystem. Accuracy! Actionability! Timeliness! Scalability!

Led by CEO Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200 and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies.

Founded in 2017 by Fortune 500 executives, including Executive Chairman Tom Glocer, and former government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest and Latin America.

All employees must be authorized to work in the United States. BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.