Compliance Analyst

DirectDefense · Remote

Company

DirectDefense

Location

Remote

Type

Full Time

Job Description

DirectDefense is currently seeking a Compliance Analyst to join our Compliance team. The Compliance Analyst will be responsible for identifying, assessing, and reporting on IT risks in a manner that meets legal and regulatory requirements. Additionally, they will oversee the operational activities related to the ongoing assessment and reporting of IT risks. Specifically, the consultant will be responsible for performing risk assessments, compliance assessments, and audits (internal and external) spanning various compliance frameworks, and for working with organizations from multiple industries, including but not limited to the financial sector, healthcare, government, and information security. In addition to conducting assessments, the consultant should be able to assist with the design and implementation of an entire Information Security Program or any sub-component of the program.

Required experience:

  • 2 years of risk and compliance experience performing any of the following assessments: ISO 27001, PCI-DSS, GDPR, NIST SP 800-53, or HIPAA.
  • Knowledge of security architecture, infrastructure, network, and systems design.
  • Advanced knowledge of common IT and security concepts including firewall management, server management, SIEM, IDS/IPS, web proxies, access control and authentication.
  • Experience in security policy frameworks and control design.
  • Experience in managing policy exceptions, including working directly with the teams to document exceptions and identify compensating controls and remediation action plans.
  • Experience communicating effectively across business and technical boundaries in order to offer recommendations as an expert with best practices.
  • Ability to work independently without detailed guidance.
  • Proficiency in writing executive-level reports and technical documentation.
  • Remediation Planning
  • Cybersecurity Strategic Planning
  • Technical Writing

A little about DirectDefense

Since coming together in 2011 to form DirectDefense, our team has been committed to offering cybersecurity defense strategies that are unmatched in the industry. Whether we are performing assessments of networks, platforms, and applications or applying managed services to improve your organization’s security posture, we are focused on providing world-class services that don’t just work–they work for you.

OUR MISSION

We establish partnerships with our clients based on trust and results. We leverage our deep industry knowledge and expertise to identify and remediate blind spots in your security program, provide meaningful visibility of your entire enterprise, and align your organization with security best practices and compliance standards.

 

OUR VISION

We aim to secure organizations across all industries against advanced threats and attacks in today’s world. Acting in partnership with organizations, we will provide unmatched information security services designed to improve your overall security posture, close gaps, and track vulnerabilities on an ongoing basis through continued education and support.

 

As required by Colorado law under the Equal Pay for Equal Work Act, DirectDefense provides a reasonable range of compensation for roles that may be hired in Colorado. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific office location. For the state of Colorado only, the range of starting pay for this role is $65,000-$75,000 per year with a commission package.

Date Posted

02/02/2023
