Position Details

SolTech Services

Job Title: Information Protection Compliance Analyst
Location: Perimeter
State: Atlanta, GA Metro Area
Date Posted: 5/18/2010 8:48:00 AM
Position Description:

The Information Protection Compliance Analyst will be responsible for managing annual certification and compliance with legal, regulatory and contractual security requirements. The ideal candidate will leverage security and travel industry knowledge along with assessment, organizational and consultancy skills to meet regulation timelines aligned to business demands. The incumbent must demonstrate strong abilities to build relationships, load balance efforts and effectively deliver on commitments.
Responsibilities:
  • Maintain a strong understanding of regulatory requirements
  • Enable and assist internal business units to build and maintain certified systems and infrastructures
  • Recommend and implement business security strategies, architectures and infrastructures that align with business strategies and requirements
  • Recommend, draft and execute business security policies, standards and other documentation as necessary
  • Develop and implement business security awareness programs as appropriate
  • Analyze and expand where necessary, business security management processes and methodologies
  • Work with business units to assess the impact of strategic business directions on information security threats, vulnerabilities and risks
  • Document, audit and report on security compliance within the business
  • Provide security subject matter expertise on projects undertaken by business units, application development and technology teams that may impact compliance efforts
  • Manage all project related work assignments up to and including project implementation and regulatory delivery
  • Define appropriate frameworks for compliance initiatives
  • Validate audit programs include appropriate and material controls
  • Implement, maintain and manage information protection risk assessment initiatives
  • Implementing and maintaining ISO registration initiatives
  • Function as the Security lead on SAS-70, PCI, EU Safe Harbor, General Computer Controls, and client audits
  • Meet with external auditors to review and formulate responses to audit findings
  • Perform internal audits on procedures to ensure compliance with audit objectives
  • Reviewing, documenting, evaluating and testing Information Security controls
  • Review, update and document IT procedures ensuring that audit control objectives are included in the procedure
  • Review, update and document application architecture and data flow diagrams in order to assist with auditing and risk analysis
  • Evaluate and communicate control strengths and weaknesses with audit, IT management and business unit staff in order to plan an effective and efficient integrated audit approach and remediation plan
  • Analyze reports from information security systems including: log consolidation, patch compliance, change control, vulnerability, IDS, and content management
Required Qualifications:
  • Extensive working experience with the Payment Card Industry Data Security Standard
  • Strong working knowledge of risk assessment, methodologies and compensating controls
  • Strong working experience interacting with external auditors, management, and internal resources to discuss and address security concerns
  • Strong working knowledge of Windows XP/2000/2003/2008, Active Directory, and IT Infrastructure security, audit, and control methods and concepts
  • Working knowledge of anti-virus systems, vulnerability management, and violation monitoring
  • Working knowledge of AS400 and PeopleSoft security, audit, and control methods and concepts
  • Working knowledge of security infrastructure and network architecture including but not limited to encryption, firewalls, and virtual private networks
  • Working knowledge of COBIT requirements
  • Strong capabilities in gap analysis, review and validation of relevant regulatory requirements
  • Strong working capability to provide guidance and technical direction to technical resources
  • Knowledge of ISO (9000, 27000, 20000) frameworks and other relevant security frameworks
  • Knowledge of EU / Safe Harbor requirements and Privacy Laws
  • PCI SSC certified Qualified Security Assessor (QSA) qualification strongly preferred
  • Professional certifications from ISACA (CISA, CISM), (ISC)2 (CISSP), CIPP, HISP or SANS strongly preferred
  • Bachelor's Degree (B.A.), or equivalent combination of education and experience in Information Protection, Computer Science, Management Information Systems or related curriculum
  • Experience with any ISO registration strongly preferred
  • Aptitude to prioritize and load balance sensitive projects concurrently
  • Strong organizational, time management, decision making, and problem solving skills
This job has already been filled. Thank you for your interest.
Return to Position Listing