Job Description

Basic Function:
The Senior Information Technology (IT) Compliance Analyst oversees a worldwide IT compliance program for organizational applications and infrastructure. This role ensures compliance with regulatory and internal security requirements in key IT areas, including performing security assessments and on-going evaluations for organizational compliance and risk management frameworks; e.g., PCI DSS, HIPAA, SOC2, ISO/IEC 27001, SOX, etc., reviewing enterprise agreements related to information systems and/or architecture, responding to security questionnaires, administering information security policies and procedures, performing risk assessments, developing business continuity plans, and acting as organizational ‘security representative’ for the organizational configuration management program.

Your Focus:
• Ensure the implementation of information system and architecture components comply with organizational compliance frameworks and security requirements
• Assist with administration, management, and reporting for security assessments and on-going monitoring activities; e.g., SOC 2 Type II, SOX, ISO/IEC 27001, PCI DSS, HIPAA, GDPR, etc.
• Develop, document, and disseminate professionally written reports and visual presentations to all staff levels; e.g., executive staff, program managers, technical teams, etc., about security assessment conclusions, recommendations, and remediation strategies
• Implement and administer risk management program analyzing risks and selecting corresponding mitigating controls from industry-accepted sources
• Assist in managing automated technical solutions, as well as manual procedures, to document and manage risks to organizational information assets and resources
• Test information security controls, across multiple business processes and/or locations, ensuring implementation techniques meet the intent of organizational compliance frameworks and security requirements
• Update all policies and procedures describing security requirements, guidance, and standards for organizational information systems and architecture
• Review industry-accepted sources of information to stay ‘up-to-date’ on information security principles and standards related to new business IT strategies or development of information systems
• Provide responses to security questionnaires supporting due diligence and risk management activities for existing and/or prospective customers
• Implement organizational vendor risk management program
• Review enterprise agreements and/or contracts ensuring alignment with organizational security requirements
• Review proposed changes to information systems and provide approval/disapproval with explicit consideration for security impact analyses
• Assist in the development, documentation, and dissemination of information security policies and procedures describing security requirements, guidance, and standards for organizational information systems and architecture
• Research technologies and tools facilitating security assessments and on-going monitoring/evaluation activities supporting existing and/or planned organizational compliance and security certifications

Qualifications
Motivation, Innovation, Passion, Integrity, Teamwork, Customer-Focus. You should also bring the following:
• Bachelor’s Degree required
• 4 years of audit experience (internal and/or external). Experience should include directly supporting audit engagements; Certified Internal Auditor (CIA) and/or Certified Information Systems Security Professional (CISSP) certifications preferred
• Reliable knowledge about popular information security compliance and privacy regulations such as PCI-DSS, SOX, HIPAA, ISO 27001, SOC 2 Type II, GDPR, etc.
• Ability to create continuous audit programs and optimize related processes
• Familiarity with supporting enterprise incident response programs
• Create professionally written reports and visual presentations for use with briefing organizational staff at all levels; e.g., executive management team, technical managers, etc.
• Experience with Governance, Risk Management, and Compliance (GRC) tools desired
• Ability to meet deadlines and manage multiple priorities simultaneously
• Ability to be self-motivated and work independently as well as in team/project-based environments

Website: http://www.microstrategy.com

MicroStrategy was founded in 1989 and has grown to become a leading independent public business intelligence software vendor (NASDAQ: MSTR). With direct operations in 26 countries worldwide and over 3,200 employees, MicroStrategy is a leading global provider of enterprise software platforms for business intelligence (BI), mobile intelligence, and network applications. With over 25% of our workforce and nearly $100M annually dedicated to R&D, we have over 80 patents issued. MicroStrategy is proud to serve millions of business users at nearly 4,000 companies across 20 industries around the world.