Title: IT Audit Analyst
Location: Wellesley, MA
Duration: 6 month contract, extendable
The Information Security and Compliance Analyst will work within the Information Security and Risk team and with various business groups across the Data & Analytics business to enhance our overall information security program. The successful candidate will work to ensure that all applicable policies are updated and that adequate controls are consistently maintained, adhered to throughout the company, and well documented.
The position will require a basic understanding of key IT security controls, with a preferred emphasis on the ISO 27001/27002 or NIST standard frameworks or similar security standards if possible. The candidate should also possess excellent collaborative and problem-solving skills and an ability to work with groups of individuals across various functions to build solutions to remediate complex problems or deficiencies as needed. Targeted responsibilities will include:
- Assist in enhancing all information security related policies, standards, and procedures as well as build out a communications and training plan for these documents
- Assist in internal and external audits, client assessments and responding to RFPs
- Work with other Information Security team members to build and facilitate various training-related programs and methods for delivery across the company.
- Assist in assessing 3rd Party technology risks by reviewing the security capabilities of our external vendors.
- Manage internal documentation page to ensure processes are well documented.
- Bachelor's degree with demonstrated interest in information security, technology, technology issues and analysis.
- Relevant experience with IT audit or information security
- Experience writing policies and standards and excellent documentation skills
- Requires strong analytical, organizational, and project management skills
- Requires strong oral and written communication skills and problem solving skills
- Ability to communicate compliance requirements to personnel at all levels of experience and responsibility
- Ability to work in a fast-paced, dynamic environment.
- Attention to detail and priority/time management.
The Company is an equal opportunity employer and makes employment decisions on the basis of merit and business needs. The Company will consider all qualified applicants for employment without regard to race, color, religious creed, citizenship, national origin, ancestry, age, sex, sexual orientation, genetic information, physical or mental disability, veteran or marital status, or any other class protected by law. To comply with applicable laws ensuring equal employment opportunities to qualified individuals with a disability, the Company will make reasonable accommodations for the known physical or mental limitations of an otherwise qualified individual with a disability who is an applicant or an employee unless undue hardship to the Company would result.
- Basic understanding of network-based security technologies (Firewall, IPS, IDS, SIEM, and ACL).
- Knowledge of security policies, regulations, compliance issues, processes and standards (e.g. ISO, ITIL, PCI, NIST, SSAE-16/18 standards) is a plus.
- Experience with RSA Archer eGRC