IT Security and Compliance Sr. Analyst

Posted: 03/31/2024

Summary – Job Responsibilities – Activities: 

The IT Security and Compliance Sr. Analyst will provide technical, operational, and regulatory expertise for compliance and cybersecurity related matters and must be comfortable working either independently or in a team environment. The Sr. Analyst will be responsible for all aspects of AMSC’s regulatory compliance requirements, including maintaining and enhancing our internal security standards and policies; this is a hands-on role. The Sr. Analyst will function as a liaison between audit and compliance teams, functional and development teams, and third party hosting providers; provide ongoing IT, cybersecurity, and business support; and be responsible for managing compliance processes, systems, and resources.

Functions:

  • Work independently to manage the company’s information security program and ensure the development of best practice policies, procedures, and standards based on various governance frameworks.
  • Lead IT SOX effort over the effectiveness of internal controls including documentation of IT General Controls (ITGCs), IT application controls (ITACs), key interfaces, key reports/spreadsheets, and SOC 1 reports. Participate and document key IT walkthroughs in conjunction with our internal/external auditors. Remediate control deficiencies, recommend improvements, and provide guidance to key members of Management.
  • Lead reviews following System Development Life Cycle (SDLC) controls for new software implementations. Partner with cross-functional teams to help lead successful implementations or key system changes.
  • Manage IT testing schedule and consult with IT team members, Internal Audit, and external auditors. Assist in completing the IT annual scoping activities in a timely and thorough manner. Assist in identifying and analyzing all relevant matters that could impact IT SOX scope and propose related approaches (during annual scoping and ongoing).
  • Provide security awareness, education, and training based on industry best practices and internal policies.
  • Maintain awareness of trends in the latest cloud technologies, security regulations, and operational requirements, and advise across the business.
  • Review and understand compliance regulations such as SOX, SEC Disclosure on Cybersecurity, GDPR, FERC/NERC, NIST, CMMC, and any other applicable standards.
  • Perform Gap Analyses to assess current state against Compliance requirements. Recommend and manage tools to aid in all compliance requirements and objectives.
  • Coordinate information security internal audits, external audits, and regulatory reviews to help represent the company from an information security and technology risk perspective.
  • Perform technical incident responses and security assessment activities. Evaluate impact on IT systems, recommend and implement remediation plans.
  • Participate in the prospect security-related review process, including completing information security questionnaires for Sales RFPs and participating in sales calls for security due diligence.
  • Prepare for CMMC certification for all sites/applications in scope.
  • Function as a liaison between AMSC, customers, auditors, and external agencies.

Education – Experience:

  • Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent experience.
  • At least five years of experience in IT Security or IT Compliance within IT/OT Infrastructure.
  • Three plus years of information technology and audit experience (general information technology, application, and infrastructure controls) within a “Big 4” or large regional public accounting firm.

Required Skills, Competencies, Authorities and Training Needs:

  • Excellent analytical, critical-thinking, collaboration, and communication skills, with the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Proficiency in MS Office software, specifically Excel, Word, and PowerPoint.
  • Solid knowledge/experience in Information Technology, networks, databases, operating systems, application controls and IT operations.
  • Prior experience with implementing or using GRC tools.
  • Knowledge of IT security best practices, governance, and audit procedures.
  • Knowledge of common information security frameworks and IT controls frameworks, such as ISO/IEC 27001, ITIL, COBIT/COSO, NIST/DFAR/CFR/CMMC, NERC/FERC.
  • CISSP or CISA certification(s) a plus.
  • Business continuity and DR planning experience a plus.
  • Supply chain security risk and commercial operations security incident management experience is a plus.

AMSC is an EEO M/F/D/V