Senior Security Analyst – Risk and Compliance
For over four decades, the higher education experts at Jenzabar have been helping colleges and universities across the world thrive through multiple services. The Jenzabar culture is one that fosters an entrepreneurial environment, where employees are encouraged to be creative, work hard, and have a great time while doing so. We believe in open doors, asking tough questions, respecting each other, and surpassing our clients’ expectations every step of the way. It’s an enjoyable place to be, with casual dress and a relaxed atmosphere.
Mission Statement:
We believe everyone is a masterpiece with great work to do on Earth. Jenzabar’s mission is to create pathways to empower all to know who they are, what work they are destined to do, and how they can unlock their full potential – at home, at work, and in the world!
Position Summary
The Senior Security Analyst - Risk and Compliance will spearhead Jenzabar’s Risk and Compliance efforts. The Senior Security Analyst will report to the Senior Director - Information Technology and support this ongoing transformation as a strategic, collaborative and trusted advisor and will be responsible for establishing and maintaining the company’s IT/Security governance, risk, and compliance program.
Essential Tasks
- Lead centralized audit and IT compliance support in the facilitation of all audit and other customer assessment requests and remediation efforts. Primary audits currently include SOC 2, PCI-DSS, HECVAT, and TX-RAMP/State-RAMP.
- Creating and maintaining IT Governance frameworks, policies, standards and procedures, and response plans.
- Drive consistency in the way IT/Security risks are identified, controls are implemented and monitored and share best practices and learnings across the company.
- Analyze current IT/Security risks and identify/monitor emerging risks which can affect the company and work with leaders and IT managers to ensure existing and emerging risks are understood and appropriate mitigations are implemented.
- Lead IT/Security risk and governance program activities, such as risk assessments, risk exceptions, risk ratings, risk mitigation and remediation recommendations.
- Document the company’s remediation efforts for IT/Security risk exposures, gaps, and deficiencies, and complete remediation validation to assess effectiveness of improved controls.
- Work with leadership to create, maintain, and present Key Risk and Performance Metrics (KRI/KPI).
- Identify and resolve technical, operational, risk management, and organizational challenges.
- Collaborate on developing and implementing a centralized audit evidence repository and GRC tools.
- Facilitate and oversee training to address identified weaknesses in team member knowledge of requirements, policies, or procedures, and to foster a culture of compliance.
- Provide support in documenting technology controls and technological landscape.
Required Skills and Qualifications
- Bachelor’s Degree in Information Technology or Information Security related field.
- 5+ years of experience working with governance, risk, and compliance within Information Technology and/or Information Security.
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certification preferred.
- Strong project management skills with inherent ability to drive multiple programs, stakeholders, and teams towards organizational goals.
- Experience developing frameworks and processes to drive a risk-based approach to incorporating standard frameworks such as COBIT, ITIL, ISO, COSO, and NIST into an enterprise compliance management process.
- Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations.
- Ability to influence others at senior levels and establish credibility and working relationships with a wide range of corporate personnel, including technical operations, management, and executives as well as internal audit and external regulators.
- Capable of establishing and maintaining an effective program structure that emphasizes the coordination of resources across projects, managing deliverables between projects, and the overall costs and risks of the compliance programs.
- Experience with the development of formal written reports to communicate audit results and recommendations to management and business stakeholders.
- Ability to facilitate productive meetings and work successfully in a team-oriented environment.
- Strong ability to handle multiple competing priorities in a fast-paced environment.
The pay range for this position is $80,000 - $100,000/year; however, base pay offered may vary depending on job-related knowledge, geographic location, skills, and experience. This position is eligible for an annual bonus in addition to a full range of benefits. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed.
#LI-Remote
Benefits
Medical Insurance, Life Insurance, Dental Insurance, Vision Insurance, Paid Vacation, Paid Sick Days, Paid Parental Leave, Paid Holidays, Short Term Disability, Long Term Disability, 401K, Educational Assistance
Jenzabar does not discriminate in employment opportunities or practices on the basis of race, color, sex, gender, gender identity, pregnancy, childbirth and related medical conditions, genetics, genetic markers and carrier status, creed, religion, national origin, ancestry, age, disability, medical condition, marital status, sexual orientation, military service, veteran status, or any other status protected by state and federal laws.
Please Note: Jenzabar does not sponsor applicants for work visas.
Apply for this job
*
indicates a required field