
Security Compliance Analyst - RH
Rosemont, IL


About

Job Description

Position Description:

Position Summary:

Aligning security with business needs is becoming increasingly important in order to build sustainable security programs that balance protection with the needs of the business. Security compliance needs to be continuous in an evolving security breach landscape. The Security Compliance Analyst will be part of a lean but essential Security Compliance Team that reports to the Reyes Holdings Chief Information Security Officer (CISO).

Security compliance is a demonstration or reporting function of how the Reyes Holdings security program meets specific security standards laid out by the Reyes Holdings security framework and regulatory organizations such as the following:

* Payment Card Industry Data Security Standard (PCI)
* National Institute of Standards and Technology (NIST) 800-53
* Center for Internet Security (CIS)

The reporting function includes showing the effectiveness of the security framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets. The purpose is to protect Reyes Holdings information from threats through controls established for how information is used, consumed and provided.

The Security Compliance Analyst position requires sound knowledge of analytics, compliance, and cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The Security Compliance Analyst will proactively work with business units and partners to monitor and ensure compliance with agreed-on policies and standards for information security.

The Security Compliance Analyst should understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology.

Primary Responsibilities:

* Provide regular reporting to the Manager of Security Analytics and Compliance on the current status of the information security program.
* The IT Security Compliance Analyst will participate in meetings with Reyes Holdings IT and Business Unit executives, provide all required documentation, identify deficiencies and create remediation plans.
* Help develop the compliance evaluation for the information security management framework based on the following: NIST 800-53, CIS, and PCI.
* Analyze and improve the unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
* Report on the effectiveness of the framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
* Help facilitate a metrics and reporting framework to measure the effectiveness and increase the maturity of the information security program.
* Work with the appropriate functions to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
* Define and facilitate the processes to address risks to information security information, propose remediation steps and communicate those risks and follow-up efforts to key stakeholders.
* Assist in the reporting of information security incidents and events while protecting corporate IT assets, intellectual property, regulated data and the company's reputation.
* Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
* Other projects or duties as assigned.

Position Requirements:

Required Skills and Experience:

* Bachelor's Degree in business administration or a technology-related field.
* Two (2) plus years of experience in a combination of audit, risk management, information security and IT or OT roles.
* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information about security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
* Experience ensuring compliance with established standards while continuously improving those standards.
* Working knowledge of information security risk management and cybersecurity technologies such as a Governance, Risk and Compliance Tool.
* Up-to-date knowledge of methodologies and trends in both business and IT compliance and analytics.
* Knowledge and understanding of relevant legal and regulatory requirements, such as: NIST 800-53, CIS, and PCI.
* Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
* Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
* This position must pass a post-offer background and drug test.

Preferred Skills and Experience:

* Ability to perform well and remain calm in high-pressure, high-stress situations.
* Must be a critical thinker, with strong problem-solving skills.
* Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
* High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
* High degree of initiative, dependability and ability to work with little supervision while being resilient to change.

Physical Demands and Work Environment:

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.

As an Equal Opportunity Employer, Reyes Holdings companies will recruit and select applicants for employment solely on the basis of their qualifications. Our Practices and Procedures, including those relating to wages, benefits, transfers, promotions, terminations and self-development opportunities, will be administered without regard to race, color, religion, sex, sexual orientation and gender identity, age, national origin, disability, or protected veteran status and all other classes protected by the Federal and State Government. Drug Free Employer.
