Senior Information Security Analyst
Company: Veritas Search Group
Location: Henderson, NV 89052
Description:
This role requires candidates who are currently authorized to work in the U.S. without sponsorship, and C2C arrangements are not accepted. This role is also fully on-site.
Senior Information Security Analyst - Risk and Compliance
The Senior Information Security Analyst will be responsible for driving and supporting the execution of the organization's Information Security Management Program. This role includes coordinating risk remediation, conducting risk assessments, and making recommendations for mitigation to protect systems and reduce potential losses. The position focuses on enhancing risk management quality through metrics and Key Risk Indicators (KRIs) based on security events. There are two distinct roles under this position, and each has different focus areas and requirements.
Role 1 - Risk and Compliance Specialist
This role primarily focuses on Governance, Risk, and Compliance (GRC), including third-party risk management and internal risk assessments. The candidate will be involved in evaluating technical risks, managing GRC tools, and providing guidance on the implementation of policies, procedures, and regulatory standards.
Responsibilities:
- Implement and administer GRC tools like TrustCloud, OneTrust, and similar platforms.
- Conduct risk assessments of IT systems, applications, and infrastructure.
- Assess third-party risks, including SOC 1 and SOC 2 Type I and II report evaluations.
- Facilitate risk identification, analysis, and remediation processes.
- Develop and maintain IT risk and compliance policies in line with frameworks such as ISO 27001, NIST, HIPAA, PCI-DSS, and CCPA.
- Produce executive-level IT risk reports with both qualitative and quantitative estimates.
- Assist in managing the Data Subject Request process under privacy laws such as CCPA.
- Collaborate with business units to ensure compliance is integrated into new projects.
What Role 1 is looking for:
- Strong background in GRC with experience managing tools like TrustCloud or OneTrust.
- Expertise in third-party risk management, including evaluating SOC 1/SOC 2 reports.
- Hands-on knowledge of regulatory compliance frameworks like HIPAA, CCPA, NIST, and ISO 27001.
- Ability to manage and report on risks at both the executive and middle-management levels.
- Experience in privacy and compliance with a focus on third-party evaluation and governance.
Role 2 - Information Security Policy and Audit Specialist
This role focuses on information security policy writing, audit management, and compliance certification processes such as ISO 27001, SOC 2, and HITRUST. The candidate will lead projects related to security assessments, internal audits, gap analysis, and managing the audit process.
Responsibilities:
- Lead efforts in certification processes (ISO 27001, SOC 2, HITRUST) including gap analysis, evidence collection, and coordination for audits.
- Write and maintain security policies and procedures in support of control frameworks like ISO 27001/2 and COBIT.
- Conduct internal audits and assessments, ensuring compliance prior to external audits.
- Assess and report on technical risk related to internal systems and develop appropriate risk mitigation strategies.
- Monitor and enforce compliance with IT security standards and manage the audit lifecycle.
- Provide recommendations for security improvements and report on compliance status.
What Role 2 is looking for:
- Expertise in security policy writing and experience with certifications such as ISO 27001, SOC 2, and HITRUST.
- Strong knowledge in audit management, gap analysis, and documentation required for external certifications.
- Experience in internal audits and ensuring compliance prior to audits.
- Proficiency in technical risk assessment, with a background in evaluating security controls like encryption, authentication, and access permissions.
- Familiarity with regulatory frameworks and standards such as HIPAA, CCPA, and NIST 800-53.
General Qualifications for Both Roles
- Required:
  - Bachelor's degree in Business, Information Technology, or a related field, or 5+ years of equivalent work experience.
  - 6+ years of experience in Governance, Risk, and Compliance, with 3+ years in project management or business analysis.
- Preferred:
  - Certifications such as CRISC, CISA, CISSP, FAIR, or SSCP.
  - Familiarity with IT systems including servers, networks, and cloud technologies.
  - Experience with HIPAA, PCI-DSS, and other regulatory compliance frameworks.