Information Assurance Risk & Compliance Analyst I

Niagara Falls, NY 14301

Posted: 03/19/2019 | Employment Type: Permanent | Industry: IT | Job Number: 1267 | Pay Rate: Negotiable

Lighthouse Technology Services is seeking an Information Assurance Risk Compliance Analyst to create and interpret information security policies and assist with implementation and enforcement. This is an immediate direct-hire role in Niagara Falls/Buffalo, NY.

Requirements Include:

  • Must be 18 years of age or older upon employment.
  • Bachelor’s Degree in an Information Technology related field.
  • Minimum of one (1) year of work experience in a related Information Technology role is required.
  • An equivalent combination of education and/or experience may be substituted for the above requirements.
  • ISACA CISA Certification is strongly preferred.
  • CompTIA Security+ Certification is preferred.
  • MCITP: Server Administrator Certification is preferred.
  • Experience with the IT audit process (PCI, ITGC, SOX).
  • Understanding of networking principles and standards.
  • Experience with information security tools and utilities.
  • Experience with IBM i (aka AS/400, iSeries, System i) environment, commands, and utilities required.
  • Experience with network security practices.
  • Experience with email applications required, Microsoft Outlook experience preferred.
  • Must be able to demonstrate proficiency in Microsoft Windows and Microsoft Office.
  • Previous experience working in a hospitality or financial services environment is desired.
  • Must be able to learn all production applications/systems well enough to understand the security requirements of each position.
  • Must possess excellent communication skills.
  • Must possess excellent analytical skills.
  • Must be resourceful, utilizing all resources that are available to resolve issues.
  • Must have the ability to resolve problems/conflicts in a diplomatic and tactful manner.
  • Must be able to work with little direction and supervision.
  • Must demonstrate good judgment.
  • Must be a team player with strong interpersonal skills.

Responsibilities Include:

  • Promotes information security awareness and monitors compliance with enterprise information security policies.
  • Responsible for providing guidance and support for client business units during applicable audits.
  • Assists with the coordination between IT and internal/external audit participants by acting as the liaison.
  • Relies on pre-established policies and procedures to perform the functions of the job.
  • Responsible for providing Information Assurance and Security governance support, focusing on all aspects of regulatory compliance, with particular emphasis on Sarbanes-Oxley (SOX), PCI, MICS, ITGC and other industry and regulatory compliance requirements.
  • Responsible for scheduling and facilitating ISA applicable daily, quarterly and annual audit functions.
  • Responsible for testing client ITGC internal controls on a scheduled basis.
  • Provides accurate and timely information to all external and internal stakeholders concerning information technology audit status and other inquiries.
  • Documents and refines Information Assurance processes, procedures, and specifications for continued organizational improvement.
  • Schedules and facilitates ongoing reviews of internal policies and procedures, assessing compliance, identifying weaknesses or gaps, and tracking them through remediation.
  • Plans, performs, and leads IT audit assignments to assess the efficiency and effectiveness of business processes and related controls.
  • Communicates with department leadership to understand applicable policies; assists in developing procedures for their staff that will meet or exceed policy and compliance standards, achieve practical and efficient workflow, and support business objectives.
  • Develops and distributes reports that include findings and recommended remediation steps.
  • Prepares detailed documentation that provides evidence that audits were conducted in accordance with client standards.
  • Drafts, prepares, and submits audit evidence requests.
  • Assists the Internal Audit team and/or department heads in developing risk assessments and annual plans with specific emphasis on IT systems and applications.
  • Develops and delivers progress reports, proposals, requirements documentation and presentations.
  • Keeps abreast of the latest threats and vulnerabilities through independent study, and researches related technologies.
  • All work products must comply with Internal Controls, Minimum Internal Control Standards (MICS), Sarbanes-Oxley (SOX), and Payment Card Industry DSS (PCI DSS).
  • Maintain a working knowledge and practical application of information security principles and practices as they relate to their job responsibilities. Proactively assess potential risks and vulnerabilities within the environment.
  • Maintain a current understanding of all policy and guidelines regarding information security, including the client Acceptable Use Policy. Understand and comply with all information security policies and procedures at all times.
  • Provide exceptional customer service to all patrons and communicate in a pleasant, friendly and professional manner at all times. Maintain a professional work environment with supervisors, managers and staff.
  • Must complete all required Training programs within nine (9) months from commencement of employment.
  • Duties, responsibilities, requirements and expectations pertaining to this job are subject to change as needed. Hours are determined by a 24-hour schedule.
