Information Assurance - Risk & Compliance Analyst II

Niagara Falls, NY 14301

Posted: 03/19/2019 Employment Type: Permanent Industry: IT Job Number: 1268 Pay Rate: Negotiable

Lighthouse Technology Services is seeking an Information Assurance Risk & Compliance Analyst II for an immediate direct hire role in Niagara Falls/Buffalo, NY.

Requirements Include:

  • Must be willing to work nights, weekends and holidays as required. On-call 24x7 as needed.
  • Employment is contingent upon a favorable outcome of a background investigation and drug screening.
  • Must be 18 years of age or older upon employment.
  • Bachelor’s Degree in an Information Technology related field.
  • Minimum of three (3) years of work experience in a related Information Technology role is required.
  • An equivalent combination of education and/or experience may be substituted for the above requirements.
  • ISACA CISA certification is required.
  • GIAC (Global Information Assurance Certification)/GSNA (GIAC Systems & Network Auditors) certification or equivalent background is recommended.
  • Experience with the IT audit/assessment process (ITGC, SOX, PCI).
  • Experience with Microsoft Active Directory environment and baseline concepts required.
  • Experience with IBMi (aka, AS/400, iSeries, System i) environment, commands, and utilities required.
  • Understanding of networking principles and standards.
  • Experience with information security tools and utilities.
  • Experience with network security practices.
  • Experience with email applications required, Microsoft Outlook experience preferred.
  • Must be able to demonstrate proficiency in Microsoft Windows and Microsoft Office.
  • Previous experience working in a hospitality or financial services environment is desired.
  • Must be able to learn all production applications/systems well enough to understand the security requirements of each position.
  • Must possess excellent communication skills.
  • Must possess excellent analytical skills.
  • Must be resourceful, utilizing all resources that are available to resolve issues.
  • Must have the ability to resolve problems/conflicts in a diplomatic and tactful manner.
  • Must be able to work with little direction and supervision.
  • Must demonstrate good judgment.
  • Must be a team player with strong interpersonal skills.

Responsibilities Include:

  • Ensuring the confidentiality, integrity and availability of the company’s information assets within a blended information security framework based on published guidance from CIS, NIST, PCI DSS, ISACA (CoBIT), NIGC and a pragmatic/risk-based approach.
  • Directly engaged in the development and interpretation of information security-based programs and policies and a full range of services tied to implementation, enforcement, compliance, and promotion of information security awareness throughout the enterprise.
  • Responsible for providing guidance and support for client business units during applicable audits.
  • Directly responsible for the coordination between the Information Technology (IT) department and internal/external audit participants.
  • Acts as primary information assurance resource on business-driven project teams and mentor for other information assurance resources.
  • Champion and drive continuous improvement within governance, risk, and compliance areas. All duties are to be performed within the guidelines of the client's policies and procedures, Internal Control Standards, and objectives.
  • Directly responsible for leading Information Security & Assurance (ISA) governance support, focusing on all aspects of regulatory compliance, with particular emphasis on Sarbanes Oxley (SOX), PCI, MICS, ITGC and other industry and regulatory compliance requirements.
  • Analyzes information security risks, develops and proposes appropriate information security controls in line with industry-accepted frameworks, standards, guidelines and best practices.
  • Recommends changes to existing controls to improve information security risk posture and in response to changes in risk.
  • Directly responsible for all ISA audit & review functions to include direct liaison with the primary regulatory entity.
  • Directly responsible for all ITGC internal control testing, validation, and any required remediation coordination.
  • Drives all communications of accurate and timely information to all external and internal stakeholders concerning information technology audit status and other inquiries.
  • Functions as lead for Information Assurance processes, procedures, and specifications as part of continuous organizational improvement initiatives.
  • Schedules and facilitates ongoing reviews of internal policies, processes, and procedures while assessing compliance, identifying weaknesses or gaps, and tracking through remediation.
  • Plans, performs, and leads IT audit assignments to assess the efficiency and effectiveness of business processes and related controls.
  • Drives all communications with departmental leadership to understand applicable policies; assist with development of procedures for their staff which will meet or exceed policy and compliance standards, achieve practical and efficient workflow, and support business objectives.
  • Prepares detailed documentation that provides evidence that audits were conducted in accordance with SGC standards.
  • Drafts, prepares, and submits audit evidence requests.
  • Assists with baseline Information Security operational functions, systems reviews, and report reviews.
  • Assists the Internal Audit team and/or department heads in developing risk assessments and annual plans with specific emphasis on IT systems and applications.
  • Assists the internal Legal team with review and formulation of pertinent information security/assurance language for contracts.
  • Assists the internal Application Support team (acting as ISA liaison) specific to initiatives with core enterprise applications - ACSC, LMS, SWS, Infinium, Kronos, InfoGenesis, others as required.
  • Functions as administrative lead for system access authorization components of client's Identity & Access Management Program.
  • Functions as administrative lead for the Change Management Program.
  • Functions as administrative lead for the PCI Compliance Program.
  • Functions as the lead for ISA metric report generation and presentation.
  • Functions as lead for Information Security & Assurance systems (hardware/software) contract maintenance functions.
  • Functions as lead for administration of any ISA-specific SharePoint site and associated content.
  • Provides primary oversight for ISA resource work order assignments to confirm all are mapped to defined standards.
  • Provides primary oversight for ISA resource project assignments to confirm all deliverables are mapped to defined standards.
  • Develops and delivers progress reports, proposals, requirements documentation and presentations.
  • Keeps abreast of the latest threats and vulnerabilities through independent study, and researches related technologies.
  • Represent ISA interests in core departmental meetings.
  • All work products must comply with Internal Controls, Minimum Internal Control Standards (MICS), Sarbanes-Oxley (SOX), and Payment Card Industry DSS (PCI DSS).
  • Maintain a working knowledge and practical application of information security principles and practices as they relate to their job responsibilities. Proactively assess potential risks and vulnerabilities within the environment.
  • Maintain a current understanding of all policy and guidelines regarding information security including the client's Acceptable Use Policy. Understand and comply with all information security policies and procedures at all times.
  • Provide exceptional customer service to all patrons and communicate in a pleasant, friendly and professional manner at all times. Maintain a professional work environment with supervisors, managers, and staff.
  • Must complete all required Training programs within nine (9) months from commencement of employment in this position.
  • Duties, responsibilities, requirements and expectations pertaining to this job are subject to change as needed. Hours are determined by a 24-hour schedule.

 
