Description
Join Team CARFAX as an IT Security Compliance Analyst
The IT Security Compliance Analyst is responsible for ensuring that the organization’s information systems and practices comply with applicable regulatory requirements, industry standards, and internal policies.
This role involves assessing security controls, evaluating risk, conducting audits, and providing recommendations for improving the security posture of the organization.
The IT Security Compliance Analyst works closely with various departments to ensure that compliance requirements are understood and met.
At CARFAX, we believe in the power of teamwork and value in-person interactions so that we can collaborate and thrive together.
This position requires 2 in-office days, subject to change with future business needs.
What you’ll be doing:
- Conduct regular security assessments and audits to ensure compliance with regulatory requirements and internal policies.
- Monitor and document compliance with standards such as NIST, PCI-DSS, SOX, SOC2 and other relevant frameworks.
- Manage internal and external security assessments and risk analysis, identifying, assessing, and documenting information security risks and recommending mitigation strategies.
- Assist in the development, review, and maintenance of IT security policies, standards and procedures to address compliance requirements.
- Assist in the investigation of security incidents and breaches to ensure compliance with relevant regulations and standards.
- Develop and deliver security compliance training programs and materials to ensure employees are aware of their responsibilities.
- Work with cross-functional teams, including IT, legal, HR, finance, and business units, to address compliance issues and support business objectives.
- Prepare and deliver compliance reports and presentations to management and relevant stakeholders.
What we’re looking for:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Business, or a related field.
- Professional certifications such as CISSP, CISA, CRISC, CISM, or equivalent preferred.
- Minimum of 3-5 years of experience in IT security, compliance, audit, or a related field.
- In-depth knowledge of regulatory requirements, industry standards, and best practices related to information security and compliance.
- Strong analytical, problem-solving, and critical-thinking skills.
- Excellent written and verbal communication skills, with the ability to articulate complex compliance issues to diverse audiences.
- Detail-oriented with strong organizational and project management skills.
- Ability to work independently and as part of a team in a fast-paced environment.
- Proficiency with compliance management tools and technologies.
What’s in it for you:
- Competitive compensation, benefits and generous time-off policies
- 4-Day summer work weeks and a winter holiday break
- RRSP matching
- Annual bonus program
- Casual, dog-friendly, and innovative office spaces
- For a comprehensive list of benefits, please visit our website :
Don’t just take our word for it:
- 10X Virginia Business Best Places to Work
- 10X Washingtonian Great Places to Work
- 9X Washington Post Top Workplace
- 3X St. Louis Post-Dispatch Best Places to Work