Security Analyst - Compliance (Remote)

Lensa is a career site that helps job seekers find great jobs in the US. We are not a staffing firm or agency. Lensa does not hire directly for these jobs, but promotes jobs on LinkedIn on behalf of its direct clients, recruitment ad agencies, and marketing partners. Lensa partners with DirectEmployers to promote this job for Jostens. Clicking "Apply Now" or "Read more" on Lensa redirects you to the job board/employer site. Any information collected there is subject to their terms and privacy notice.

JOB TITLE: Security Analyst – Compliance (Remote)

LOCATIONS: Santiago, DR

General Description Or Purpose Of Job

The Security Analyst – Compliance is primarily responsible for helping ensure our organization adheres to the SOC 2 (System and Organization Controls) requirements. Further, the incumbent will help maintain compliance with our PCI DSS program, SOX program, and internal policies and standards.

This role will collaborate with cross-functional teams to collect and assess evidence to satisfy security requirements. The individual must be a motivated team player with a positive attitude, solid interpersonal skills and someone who can quickly take ownership within their area. The individual must be hands-on, work under minimal supervision and can work in a fast-paced environment.

Responsibilities / Essential Functions

SOC 2 Program Management:

• Lead or assist in the development and maintenance of the SOC 2 program, including policies, procedures, and controls.
• Conduct internal assessments to identify and mitigate risks related to SOC 2 compliance.
• Coordinate and collaborate with external assessors and stakeholders
• Prepare reports and presentations on SOC 2 compliance status.
  
  

SOX And IT Policy/Standard Program Support

• Provide support to help ensure compliance with Jostens Information Security Program, and PCI and SOX programs.
  
  

While the primary role is SOC 2 compliance, the candidate will be asked to back up other GRC activities.

Additional Duties And Responsibilities

• Risk Assessment: Assess risk, and coordinate, document, and validate evidence to meet Jostens cybersecurity and risk requirements. Ensure appropriate treatment of risk.
• Audit/Assessments: Facilitate audits and assessments of IT programs and individual components to determine compliance with published standards (e.g., ISO27000, PCI, etc.).
• Third Party Risk Management
• Training: Develop, plan, coordinate, deliver, and/or evaluate training courses.
• Metrics: Regularly report security metrics, proposing improvement as needed.
• Privacy: Coordinate with legal and IT teams on privacy requests.
  
  

Required

Education:

• Bachelor’s degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity or other applicable area, or related work experience.
  
  

Experience

• Minimum one year in Information Security, IT Audit, or related role
  
  

Professional Skills

• Excellent analytical and problem-solving skills
• Strong written and verbal communication skills
• Ability to collaborate with cross-functional teams and external partners.
• Attention to detail with experience prioritizing and managing multiple projects with competing priorities.
• Strong influencing, problem solving and decision-making skills.
  
  

Preferred

• Five years in Information Security, IT Audit, or related role
• Working knowledge of SOC2 requirements.
• Hands-on experience with SOC 2 Type 2 and PCI DSS compliance programs.
• Experience with security risk assessment methodologies and tools
• Experience related to Audit, Security, Governance, Risk and Compliance, and/or process development/documentation.
• Understanding or familiarity with frameworks (ISO27001, NIST, GDPR, CCPA, PCI, SOX, etc.)
  
  

If you have questions about this posting, please contact [email protected]