Senior Information Security Risk and Compliance Analyst
San Diego, CA
This is an exciting time to join PlanetArt’s Information Security team as a Senior Information Security Risk and Compliance Analyst. In this position you will be an integral part of advancing the company’s Information Security Program.
The Senior Information Security Risk and Compliance Analyst will execute projects related to information security compliance, risk management, third-party risk, privacy support, policy evolution, and security awareness support. By joining our team, you will contribute to the overall advancement of PlanetArt’s Information Security Governance, Risk and Compliance (GRC) capability.
The Senior Information Security Risk and Compliance Analyst will be tasked with executing risk and compliance assessments, evidence gathering, controls testing, and crafting risk memos. You will help the organization to understand, categorize and prioritize security risks, leading to clear security risk mitigation strategies. You will demonstrate confident execution of industry frameworks for information security and privacy initiatives.
This position will be responsible for communicating risks and context effectively across all audience types including technical and non-technical audiences and executive leaders.
- Conduct risk assessments throughout PlanetArt, developing and maturing internal procedures to identify information security risks and process deficiencies
- Develop and mature processes and procedures to report, identify, and prioritize risk remediation and ensure ownership and prioritization
- Develop and maintain risk register contents and underlying workflows to track identified risks, risk owners and action plans for risk remediation
- Develop and maintain metrics to communicate identified information security risks throughout PlanetArt
- Perform third-party risk reviews of key partners and suppliers
- Engage control owners and key stakeholders across the organization to collect and test evidence and assess compliance to various compliance requirements
- Be a key player in building an Information Security Compliance Management program and recommend, drive, and implement improvements
- Identify areas of risk through gathering facts and partnering with other experts across the company, escalating issues, risks, and problems to leadership as needed and as appropriate
- Communicate information security and compliance risks to team leadership, craft risk memos for leadership/executive management to ensure proper awareness and decision-making. In addition, maintain and foster relationships and trust with key partners throughout the company
- Provide advanced consultation to business units and technology teams on security best practices and ongoing requirements
- Proactively stay informed of industry and media research to keep current on the latest security issues, threats, and technical capabilities
- Contribute to and champion Information Security Awareness efforts
- 5+ years of Information Technology and/or Information Security experience focusing on compliance assessments, risk assessments, and/or technology audits
- Familiarity with security software products and audit tools used in distributed computing environments. Knowledge of how to implement application-level security controls and mechanisms
- Demonstrated advanced understanding of a broad range of technical concepts: logical access control, network security, encryption, application security, and privacy
- Understanding of various logging methods and security event terminology
- Familiarity with compliance frameworks and regulations such as PCI DSS, CCPA, GDPR, and ISO 27001/27002
- Excellent written and verbal communication skills and ability to interface with all levels of business
- Strong organizational skills with ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team-player with a can-do attitude
- Associate of ISC2, CISSP, CISA, CRISC, GIAC, or other security certifications highly desired
- Experience performing Risk/Threat/Vulnerability assessments and analyses and documenting information in a GRC tool
- Working knowledge of key elements for a successful Risk Management Program and related frameworks or standards
- Experience working with internal and external audit groups to ensure compliance with appropriate regulations and data protection directives
- Understanding of information security concepts, protocols, industry best practices, and strategies, with the ability to advise on process improvements
- Experience working with non-IT business units/departments, helping to implement security strategies and solutions and ability to translate concepts into “layman’s terms”
- Information security consulting experience or substantial cross-functional responsibilities.
How to Apply:
Please submit your resume and cover letter to firstname.lastname@example.org
We look forward to hearing from you!
www.planetart.com - Check us out!