Job Title: Information Security Analyst
Location: Anchorage, AK
Job Type: Full-Time Regular
Job Description

The Information Security Analyst manages an enterprise-wide security governance, risk and compliance program, enabling the business to operate securely, protect its people, defend its assets and preserve shareholder value. S/he is responsible for the day-to-day management and operation of enterprise-wide activities relating to security governance, risk, compliance and audit.

Primary Responsibilities:
Develop and maintain information security policies, procedures and standards.

Maintain a current knowledge of applicable laws, regulations, internal compliance policies and procedures.

Build and execute GRC programs.

Examine policies, procedures, and practices to ensure compliance with laws and regulations and implement any needed changes.

Develop departmental work instructions as well as training for auditing activities.

Manage security risk identification, mitigation and exception / acceptance processes.

Support the organization as a Subject Matter Expert in assessing risk both internally and externally.

Test to identify possible control weaknesses in departments and functions and other operational areas and recommend changes to minimize those weaknesses.

Draft recommendations to communicate control performance results and regulatory findings to management in an efficient, timely and concise manner.

Facilitate and ensure successful completion of various audits including but not limited to SOX, PCI, SSAE16, SOC2, etc.

Lead security compliance assessments, auditing, testing and monitoring both internally and externally.

Assist project teams with implementation of security controls and compliance frameworks.

Monitor the industry regulatory environment for impact on security programs and for changes to security compliance standards.

Monitor and assure compliance with all applicable regulatory and non-regulatory security requirements, including SOX, PCI-DSS, SOC I/II and ISO 27001.

Assist in the development of security audit procedures.

Audit and assess third-party vendor risk.

Support security compliance initiatives and assessments, including responses to client security organization audits and questionnaires.

User administration of roles and permissions pertaining to the compliance and risk system.

Provide systems administration training to end users.

Prepare analysis of cross functional risk data to identify trends.

Prepare reporting packages and highlight potential risks for review.

Perform risk assessments and audits. Develop action plans to mitigate risk potential throughout the organization.

Prepare routine, special, or ad hoc reports. Identify metrics that fall outside of risk tolerances and escalate within department.

Work with department stakeholders to implement changes and continually monitor risk controls that are put in place.

Maintain dashboards, SLAs, KPIs relating to the health and operation of systems.

Primary Requirements:

Bachelor’s degree preferred.

A minimum of four years’ experience in Information Security, including a minimum of two years involving Information Security incident response.

Certifications are highly desired, such as CSX, GCPM, GIAC, GSEC, GCIH, GCIA, or other related IT, Information Security or Compliance certifications.

Experience with the common regulatory controls, such as: ISO 27001, NIST 800-53, SOX, PCI, SSAE16, SOC I & 2, HIPAA / HITRUST, COSO, COBIT.

Experience performing compliance and risk assessment audits.

Experience with GRC software preferred.

In-depth understanding and working knowledge of information security data and processes.
