NETSCOUT Systems - Security Compliance Analyst - Westford, MA
NETSCOUT is currently seeking a full-time, experienced and professional Security Compliance Analyst in Westford, MA. This position is responsible for executing the information security and technology risk strategy; developing and enforcing security governance based on leading standards and policies; monitoring and enforcing information security compliance and regulatory requirements; managing and conducting risk assessments and information security audits; establishing information security risk metrics for reporting; researching information security best practices, solutions and strategies; providing consulting to departments; conducting third-party risk assessments; enhancing risk and vulnerability assessment initiatives; and enforcing, and providing guidance on, the Information Security strategy and policies throughout the company.
The candidate will be an innovative, self-motivated team player and leader who will be able to educate, provide guidance, and drive a cultural and programmatic risk appreciation for information security and compliance throughout the company. This individual is a business enabler who demonstrates an ability to work with various departments (Legal, Finance, IT, Business Units, etc.) and teams.
This role supports the programs of IT Security Risk & Compliance, which include client inquiries, security contracts, risk management, and compliance management. This position is specifically responsible for responding to client inquiries about NETSCOUT's security controls and for helping with onsite visits and audits. In addition, this position will support audits, including gathering and discussing evidence and managing remediation responses and activities.
Security Compliance Analyst Essential Duties and Responsibilities:
* Lead security assessments and audits, including ISO 27001 and SOX ITGC testing. Monitor and manage compliance of implemented enterprise information security controls.
* Establish tracking procedures to ensure that policies are developed and maintained by technical and business owners. Provide guidance and review.
* Update, and participate in, regular Incident Response exercises.
* Work with the CISO to develop diverse and impactful risk metrics.
* Improve, monitor (ongoing and point-in-time assessments), and coordinate Third Party Vendor Risk Management activities; conduct vulnerability scanning of third-party vendor environments and identify current vulnerabilities in vendor-operated environments, programs and applications. Provide feedback to business leaders and risk owners.
* Respond to customer and business partner security inquiries and ensure that any findings are remediated in a timely manner. Serve as a company representative with prospects, customers, and partners by assisting with security questionnaires, assessments and audits.
* Propose changes to existing policies and procedures using a risk-based approach to ensure operating efficiency, effective risk mitigation, and regulatory compliance, keeping them aligned with state and national information security policies, regulations, and standards.
* Review updates to regulations, frameworks and contracts (GDPR, ISO 27001, NIST, HIPAA, state regulations). Seek input on emerging threats that warrant additional controls. Communicate updates to technical and business owners.
* Monitor and report on compliance with security policies, and on the enforcement of those policies within the IT department and throughout the organization, as well as compliance with industry regulations, including HIPAA, NIST, and FISMA (optional).
* Keep abreast of current information through formal and informal training, and research the latest technologies and innovations critical to maintaining successful security compliance levels.
* Monitor progress and effectiveness of security controls through continuous reporting and trend evaluation, targeting key areas such as system and application security, vulnerability management and incident response performance.
* Provide security communication, awareness and training for audiences, which may range from front line staff to senior management.
* Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements.
* Develop and maintain a repository of reference documents for information security architectures and strategies, technical standards, and requirements applicable to all information technology projects.
* Perform any other duties as assigned
Required Knowledge / Experience:
* 3+ years of information systems security or related auditing experience
* Knowledge of cybersecurity and privacy principles and controls used to manage risks related to the use, processing, storage, and transmission of information or data
* Understanding of technology, management, and leadership issues related to organizational processes and problem solving
* Understanding of the basic concepts and issues related to cybersecurity and its organizational impact
* Familiarity with privacy laws, data protection/security regulations, and frameworks such as ISO 27001, ISO 27002, Agreed Upon Procedures, and COBIT
* General understanding of underlying infrastructure architecture, including WANs, LANs, the Internet, intranets, cloud computing, and communication protocols such as TCP, UDP, and IPsec
* Excellent oral and written communication skills in both a technical & non-technical environment.
* Strong analytical and problem-solving skills
* Strong detail orientation, follow-through capabilities and escalation of key issues
* Ability to work with diverse personalities within various levels of the organization.
* Ability to manage multiple issues at one time.
* Ability to work effectively in a dynamic environment where shifting priorities frequently alter work plans.
* Highly self-motivated and self-directed, with a desire to learn.
* Ability to work in a team-oriented, collaborative environment.
* Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of other teams
* Excellent time management and related organizational skills, including appropriate sense of urgency, dependability, a proactive approach, and a suitable ability to anticipate and manage multiple project lifecycle events, issues and obstacles
Location: MA - Westford
Activation Date: Monday, June 17, 2019
Expiration Date: Thursday, August 1, 2019
NETSCOUT is a provider of service assurance, troubleshooting, diagnostics, business analytics, DDoS protection, and threat intelligence products.