by Devendra
Job ID: 7090
Role: Compliance Analyst
Location: Remote
Compensation: $90k
Job Type: Perm/Full Time
The Compliance Analyst is a key member of the Information Security team and is responsible for training employees on industry standards, developing policies, and evaluating compliance.
Job Responsibilities:
- Researching industry compliance regulations and policies.
- Evaluating internal operational and procedural compliance.
- Identifying, analyzing, and resolving compliance issues.
- Analyzing and updating existing compliance policies and related documentation.
- Communicating compliance policies and guidelines to Management and designated departments.
- Developing procedures and workflows to meet compliance documentation standards.
- Serving as an SME on all compliance-related matters.
- Developing and executing new compliance policies and procedures as required.
- Applying for compliance certification and regulatory approval.
- Developing and maintaining a compliance recordkeeping system.
- Training employees on industry compliance requirements.
- Maintaining communication with compliance regulators and following up on applications.
- Liaising with regulatory and/or compliance bodies on behalf of Honorlock.
- Keeping up with compliance requirements and amendments to regulations.
- Completing regular internal audits of our systems and processes.
Security Risk Analyst
A successful candidate will have a strong background in the following areas:
• Development and execution of cyber risk assessments for Honorlock applications, products, and services
• Risk identification through the performance of risk assessments and other measures
• Preparation of risk assessment findings and reports on remediation plan progress
• Due diligence as part of M&A initiatives.
Responsibilities include
• Administration of the cyber risk management program following the NIST or other equivalent cyber risk management framework and other security standards and related industry best practices
• Performance of enterprise cyber risk assessments to identify inherent and residual risks
• Analyze and document findings, recommend and report program gaps to leadership
• Administration of the security risk register and related remediation activities
• Administration of the risk management information system
• Collaboration with technology and business stakeholders to develop and document risk treatment plans in line with the enterprise risk appetite
• Report key metrics including the status of assessments, issue management, and risk management
• Develop and maintain documentation on processes, procedures in accordance with standards, regulations, and industry best practices
• Maintain an understanding of emerging trends in information security threats and risks
• Prepare and present risk assessment findings, guide remediation plans and report on progress
Minimum Qualifications
• Bachelor's or Master's degree in Business, Information Technology, Computer Science or experience
• Must possess 2+ years' experience in compliance, information security, and/or information technology with a focus on security/risk.
• Understanding of cybersecurity risk management maturity practices and frameworks
• Proficiency in the application of NIST Cyber Security Framework (CSF), SOC 2, ISO 27001, and other best-practice standards.
• Understanding of a broad range of security technical concepts
• Excellent project management and organizational skills
• Excellent communication, interpersonal skills, and sound business judgment
Preferred Qualifications:
• Experience performing assessments of IT-related processes such as system and information security, system development, and change management, computer operations, and data protection
• Experience working with internal and external cybersecurity audits, vulnerability and risk assessments
• Experience in managing issues through risk analysis/treatment/mitigation processes