Senior Security Analyst – Risk and Compliance

Position Summary

The Senior Security Analyst - Risk and Compliance will spearhead Jenzabar’s Risk and Compliance efforts. The Senior Security Analyst will report to the Senior Director - Information Technology and support this ongoing transformation as a strategic, collaborative and trusted advisor and will be responsible for establishing and maintaining the company’s IT/Security governance, risk, and compliance program.

Essential Tasks

• Lead centralized audit and IT compliance support in the facilitation of all audit and other customer assessment requests and remediation efforts. Primary audits currently include SOC 2, PCI-DSS, HECVAT, and TX-RAMP/State-RAMP.
• Creating and maintaining IT Governance frameworks, policies, standards and procedures, and response plans.
• Drive consistency in the way IT/Security risks are identified, controls are implemented and monitored and share best practices and learnings across the company.
• Analyze current IT/Security risks and identify/monitor emerging risks which can affect the company and work with leaders and IT managers to ensure existing and emerging risks are understood and appropriate mitigations are implemented.
• Lead IT/Security risk and governance program activities, such as risk assessments, risk exceptions, risk ratings, risk mitigation and remediation recommendations.
• Document the company’s remediation efforts for IT/Security risk exposures, gaps, and deficiencies, and complete remediation validation to assess effectiveness of improved controls.
• Work with leadership to create, maintain, and present Key Risk and Performance Metrics (KRI/KPI).
• Identify and resolve technical, operational, risk management, and organizational challenges.
• Collaborate on developing and implementing a centralized audit evidence repository and GRC tools.
• Facilitate and oversee training to address identified weaknesses in team member knowledge of requirements, policies, or procedures, and to foster a culture of compliance.
• Provide support in documenting technology controls and technological landscape.

Required Skills and Qualifications

• Bachelor’s Degree in Information Technology or Information Security related field.
• 5+ years of experience working with governance, risk, and compliance within Information Technology and/or Information Security.
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certification preferred.
• Strong project management skills with inherent ability to drive multiple programs, stakeholders, and teams towards organizational goals.
• Experience developing frameworks and processes to drive a risk-based approach to incorporating standard frameworks such as COBIT, ITIL, ISO, COSO, and NIST into an enterprise compliance management process.
• Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations.
• Ability to influence others at senior levels and establish credibility and working relationships with a wide range of corporate personnel, including technical operations, management, and executives as well as internal audit and external regulators.
• Capable of establishing and maintaining an effective program structure that emphasizes the coordination of resources across projects, managing deliverables between projects, and the overall costs and risks of the compliance programs.
• Experience with the development of formal written reports to communicate audit results and recommendations to management and business stakeholders.
• Ability to facilitate productive meetings and work successfully in a team-oriented environment.
• Strong ability to handle multiple competing priorities in a fast-paced environment.

The pay range for this position is $80,000 - $100,000/year; however, base pay offered may vary depending on job-related knowledge, geographic location, skills, and experience. This position is eligible for an annual bonus in addition to a full range of benefits. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed.