Security Risk and Compliance Analyst

Company

ISN Software Corporation

Location

Austin TX

Type

Full Time

Job Description

Our Company: ISN was established in 2001 and is a global leader in contractor and supplier management. We work closely with a variety of household-name clients in the US, Canada, Europe, Australia, Latin America, and the Middle East to connect them with safe and reliable contractors and suppliers and incorporate a level of due diligence in the contractor management process.

Job Title: Security Risk and Compliance Analyst - PST

Classification: Full-time Exempt


Job Summary: The Security Risk and Compliance Analyst position will be responsible for providing technical and business assistance for a wide variety of information security risk and compliance related matters. The Security Risk and Compliance Analyst will assist in completing client and prospect security questionnaires, assessing risk in new software and vendor requests, and participating in risk and compliance audits. The position helps develop organization-wide security policies, standards, procedures, and best practice documentation. It requires skills in reviewing and prioritizing vulnerability findings, advising on remediation prioritization, as well as developing cyber security policies and responding to cyber security related alerts.


Primary Duties & Responsibilities

  • Assist in completing and reviewing security questionnaires, requests for proposal (RFP), requests for information (RFI), and vendor evaluations as needed
  • Support and participate in the organization’s Continual Improvement Program to conform to ISO 9001 and ISO 27001 requirements by meeting QMS and ISMS objectives
  • Work across the security team to help implement various processes and technologies related to the NIST framework
  • Perform security evaluations of new software products across the business and provide risk feedback to requesting ISN team members
  • Monitor security solutions for efficient and appropriate operations
  • Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
  • Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
  • Understand and continue to develop cyber security policy and procedure
  • Assist in security threat and impact assessments as input to overall information security strategy
  • Respond to cyber security alerts, including DLP alerts, attempting remediation and escalating as required
  • Manage and maintain simulated phishing campaigns, review and recommend training content, and develop strategy to best prepare and train the organization to respond to the ever-changing threat landscape
  • Assist in documenting and escalating incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
  • Coordinate with cyber security staff to correlate threat assessment data and validate network alerts
  • Pick up service tickets within established SLAs and escalate to higher tiers as needed
  • Support security engineers as needed
  • Participate in security incident response efforts
  • All employees have a professional duty to provide any information related to security issues, incidents or situations that present a potential security risk to the ISO Team, ISN Management or their Supervisor

Education and Training Requirements

  • Bachelor’s Degree in Cyber Security, Risk and Compliance, or equivalent/related field or equivalent years of experience.
  • CISSP, PMP, CEPT, GIAC or similar relevant information security certifications.

Knowledge and Skills

  • 4+ years of risk and compliance experience
  • 2+ years in an information security or risk and compliance role
  • Experience writing and updating security policy and documentation
  • Work with key business leaders to help identify critical assets
  • Must be self-directed and able to work independently as well as in a team-oriented, fast-paced environment spread across multiple, geographically diverse locations
  • Ability to deliver or explain technical concepts to non-technical customers and internal stakeholders
  • Experience in the creation of technical documentation including Visio diagrams
  • Understanding of basic frameworks for mitigating Vendor risk
  • Knowledge of how criminal culture communicates/works on the Internet
  • Knowledge of the OSI Reference Model and its security implications
  • Ability to understand and advise on applying security controls or rules (anti-virus, IPS/IDS, DLP, web and network proxies, URL content filtering, multi-factor authentication, SSL VPNs) and how they work in an overall defense-in-depth risk assessment methodology
  • General understanding of TCP/IP networking and security
  • Experience with cloud technologies and architecture is an asset
  • Ability to work on multiple tasks simultaneously
  • Excellent verbal and written communication skills
  • Strong organizational skills and attention to detail
  • Ability to work well in a fast-paced environment

ISN Benefits*

  • 100% company-paid monthly insurance premiums for employees and dependents
    • Medical, Dental, Vision, and Life Insurance
  • Employee assistance program
  • 4% retirement matching
  • Long-Term & Short-Term Disability Coverage
  • Paid time off
    • 0-1 year – 15 days (pro-rated first year)
    • 1-5 years – 20 days
    • 5-10 years – 25 days
    • 10+ years – 30 days
  • Holidays – 13 paid holidays
  • Monthly cell phone reimbursement
  • Complimentary parking space or monthly reimbursement for DART public transportation
  • Team-building activities and events, including quarterly kick-off meetings and community volunteer day
  • Matching charitable gift program
  • Professional development & training opportunities
  • Wellness Program: Focuses on community, financial, mental, nutrition, physical and social health
  • Business casual, jeans allowed

*All benefits are subject to change with notice to the employee

The location: ISN is based in Dallas, TX. The Dallas-Fort Worth metroplex is the fourth largest metropolitan area in the country, with a wide variety of excellent schools, entertainment venues, sports teams, and museums. ISN’s headquarters is in uptown Dallas, a short walk from multiple restaurants and shops, with easy access to public transportation and major highways.

Employees must be within a commutable distance to the Dallas, TX office. Your role will have the option to work remotely with at least one in-person engagement required on a quarterly basis (team collaboration day, ISN event, team event etc.). This is subject to change dependent upon business needs and the tasks associated with your role.

All job offers will be contingent on successful completion of a drug screen and background check.

Date Posted

10/22/2022
