Security Compliance Analyst

Maximl

The Security and Compliance Analyst will be responsible for assisting the Engineer, Vice President, CTO and DevOps with daily support procedures. The analyst assists senior staff in the evaluation, development, implementation and operational aspects of process standards, procedures and guidelines supporting the company’s information security plan and its SOC I and II, ISO 27001 and GDPR reporting compliance. The aim is to assure the effectiveness of existing procedures and policies, to detect changes, and to report on their impacts to the compliance program.

Primary Tasks/Activities:

  • Manage and perform SOC I, SOC II, ISO 27001 and GDPR compliance audits and ensure adherence to compliance requirements
  • Manage and perform audits of internal security controls, security policies and SOC controls, documenting and remediating exceptions
  • Update compliance controls, security policies and process documentation, as required
  • Complete all RFPs and security questionnaires received from Maximl clients
  • Develop a thorough understanding of business, systems and processes in order to provide tailored information security solutions and services, minimizing disruption while maximizing impact
  • Coordinate and participate in control deficiency remediation as required
  • Assist with the change control process and ensure compliance with policies
  • Participate in technology projects to identify information security weaknesses in proposed systems/applications, and assist in the development of appropriate solutions based on risk
  • Conduct phishing assessments and assist with cyber security training as necessary
  • Resolve tickets submitted for security issues, questions and reviews
  • Administer and operate security controls as directed, i.e., anti-virus solution, vulnerability scanner, PAM, etc.
  • Assist with Licensing and Support Contracts as necessary
  • Responsible for the overall security of systems they will be administering including protecting client data and reporting situations that may provide unintentional elevated access. The employee will regularly review corporate policies and will enforce the policies documented in the Apex Corporate Security Standards.

Required Skills:

  • Working knowledge of IT security and compliance, including procedures around the following:
      • Change Control and Production Deployment
      • Auditing and Compliance
      • SOC I and SOC II Reporting
      • GDPR Compliance
      • HIPAA
      • ISO 27001
      • Internal IT Security Controls
      • Incident Management Procedures
      • Risk Assessment of Third-Party Vendors
      • Security Awareness

Required Experience:

  • 2+ Years of IT Auditing, SSAE18 and/or managing compliance with PCI/HIPAA/ISO 27001
  • BS in Computer Science/MIS (or equivalent education/work experience)
  • Industry-standard security certifications (Security+, CEH, SSCP, CISSP, etc.)
  • Excellent written and verbal communication, listening and interpersonal skills
  • Well organized, with strong problem analysis and decision-making ability
  • Persistence in following up with all levels within the organization
  • Confidence and ability to relate professionally to a wide range of people
  • Commitment to excellent customer service
  • Self-motivated and enthusiastic, with proven organizational and planning skills, including the ability to take tasks through to completion
  • High standards of personal presentation

To apply for this job please visit www.linkedin.com.

