Information Security Analyst
Current● Analyze audit reports to identify risk classes and recommend corrective actions across different departments and zones.● Assisting with documentation of Risk and Control self-assessments to ensure that security controls (DLP, Web filtering, security group policy, ACLs, and change management) are implemented.● Review security risk exceptions, suggest mitigating and remediation plan with follow up on Plan of Action and Milestone (POAM)● Overseeing day-to-day IT compliance management… Show more ● Analyze audit reports to identify risk classes and recommend corrective actions across different departments and zones.● Assisting with documentation of Risk and Control self-assessments to ensure that security controls (DLP, Web filtering, security group policy, ACLs, and change management) are implemented.● Review security risk exceptions, suggest mitigating and remediation plan with follow up on Plan of Action and Milestone (POAM)● Overseeing day-to-day IT compliance management process to track and monitor various IT compliance Initiatives across confidential (SOX, PCI DSS, HIPPA audits; self-assessment, security assessments, key risk indicators).● Liaise with engineering teams and external auditors during control testing.● Create organizational policies and procedures and review them annually to identify areas of improvement to align with business processes and objectives.● Perform Third Party Risk Management to assess vendor compliance.● Assessment of cybersecurity to identify root cause, respond, recover, and communicate lessons learned to leadership.• Evaluate evidence to ensure assessment objectives are achieved. Show less