Summary of the Role:
The Cybersecurity, Audit and Compliance Analyst is responsible for working with databrackets’ clients in several capacities, including but not limited to:
- reviewing compliance and Cybersecurity posture;
- Drafting and delivering technical reports;
- drafting security policies and procedures;
- Building maturity models, creating business proposals;
- delivering a host of technical and business-centric documentation and work products.
As an analyst, You will also be responsible for managing projects, drafting work products, executing Governance, Risk & Compliance (GRC) engagements, and ensuring that databrackets’ clients meet their compliance, privacy, and/or security requirements.
General Duties and Objectives
- Perform analysis and trending (reports, dashboards, status, etc.) on internal or external progress or events affecting clients’ information security.
- Engage with clients to understand technical process steps, identify risks, and drive toward completed documentation that aligns with the various programs.
- Manage client meetings, including ensuring all data requests, timing and schedules, and contact points are defined.
- Prepare client deliverables utilizing excellent analytical, writing, and presentation skills.
- Research regulations by reviewing regulatory bulletins and other sources of information.
- Prepare management reports.
- Consult with leadership to improve control efficiencies and operating effectiveness.
- Partner with key client stakeholders to obtain and review compliance to support technical ISO, SOC 2, and other certification/attestation requirements.
- Support the completion of the annual HIPAA, NYDFS, ISO, NIST, COSO, or other clients’ attestations.
- Manage key compliance milestones for critical systems and complex processes.
- Ensure that all IT policies and procedures are documented and updated according to regulatory standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and that the repository or system of record is up to date defined by the IT Governance program.
- Coordinate various GRC repository system improvement projects and activities to enhance the system of record and maintain effective process controls.
- Develop and maintain risk registers and design self-assessments to help identify risks.
- Serve as an escalation point to track and follow up on risk events.
About the Ideal Candidate
- University degree in Computer Science, Information Technology or equivalent
- 2 to 3 years of IT audit experience.
- BS/MS Degree in Computer Science or related field and/or 5 years of experience in Information Security or Assurance, Privacy, Forensics or IT Audit preferred.
- CISA, CISM, CIPP, CIA, SANS GIAC, CISSP, and/or other cybersecurity-related certifications recommended. Security certifications such as GSNA, GCCC, CISSP, or other related certifications.
- Excellent written and verbal communication skills.
- Knowledge of IT controls, risk assessments, and the design and testing of security measures.
- Understanding of technical audit processes.
- Understanding of Cyber and Information Security and how to align client initiatives with the company’s business objectives.
- Demonstrated success in a client-facing service role.
- Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.
- Key Security Framework Background: Understand cybersecurity frameworks and implement or adapt to an organization’s security program to become certified. Such frameworks include ISO 27001/2; NIST Security frameworks including CSF, 800-171, 800-53, 800-37, FEDRAMP.
- Key Compliance Background: Understand how to review control design from policy to procedure to evidence. Have experience in making improvement recommendations and remediating control design.
- Familiarity with data governance and privacy regulations: GLBA, NYDFS, Subject matter expertise related to:
- SSAE 18 / SOC 1 / SOC 2
- IT risk assessment / operational IT audit
- IT general controls
- COBIT framework