Information Security Compliance Analyst

Position

Information Security Compliance Analyst

Start Date

ASAP

Type

6-month contract to hire

Location

1-2 days onsite in Richmond, VA

Process to Close:

• Teams Screening with AM/Recruiter
• Interview with CISO
• Will most likely ask for a writing sample/letter of recommendation

Must Haves:

• Bachelor's in IT, IS, Computer Science, etc
• 2 years of related (general cybersecurity) experience in a professional setting (work and/or internships)
• Excellent written and verbal communication skills
• Knowledge of NIST CSF and ISO 27001 security frameworks

Plusses:

• Certifications (Security , CISA, or equivalent) strongly preferred

Day to Day:

The Information Security Compliance Analyst I supports cybersecurity compliance and risk management matters, working closely with IT members, business partners, and internal and external auditors and regulators. This position impacts the company's security posture, including contributing to cybersecurity policy development & awareness, identity & access management, and data governance initiatives.

Duties and Responsibilities

· Continuously exhibit and uphold Core Values of Integrity, Accountability, Communication and Teamwork, Innovation and Customer Service

· Maintain, and refine cybersecurity risk management practices using established frameworks such as NIST CSF and ISO 27001

· Assist with the creation and maintenance of information security policies, standards, procedures, and guidelines

· Preparation and review of control narratives and descriptions

· Maintenance of risk registers and risk/control matrices

· Assist with the planning and execution of Data Governance and other security programs

· Maintain performance metrics for the Security program

· Utilize security compliance tools and identify opportunities for improvements and reporting

· Collaborate with the security team, IT, and business partners to document security controls, identify gaps and implement new controls

· Performance of security assessments to ensure that management, operational, and technical security controls are properly implemented and maintained

· Partner with internal and external auditors and regulators to demonstrate cybersecurity compliance and build attainable plans to remediate deficiencies

· Assist in the planning and testing of cybersecurity incident response activities, including coordination with internal stakeholders

· Keep abreast of current threats and vulnerabilities and alert IT and Information Security teams

· Maintain awareness of information security best practices and evaluate their applicability to James River

· Stay current with latest changes in external cybersecurity compliance initiatives that may affect the organization’s external requirements

· Drive security awareness activities to improve business and IT security knowledge and practices