Security Compliance Analyst

Description

We are looking for a Security Compliance Analyst as a member of MIS team. This role will work to identify risk and ensure compliance with industry standards, relevant laws and regulations, industry best practices, and corporate policies.

This position also assists in developing and maintaining internal security and operation framework. This team plays an integral role in our success, as the systems they manage underpin Fortinets day-to-day operations and a number of our client-facing applications.

Responsibilities :

• Work with operations staff to achieve compliance with SOC 2, ISO 27001, NIST, GDPR, and other security standards and regulatory frameworks.
• Conduct risk assessment to information systems and business processes.
• Develop IT policies and procedures, and provide improvement recommendations to current policies and procedures.
• Collaborate with system administrators to ensure that appropriate controls are implemented, operating properly, in accordance with the corporate policies.
• Conduct audit readiness assessments and coordinate with internal and external functions and audit resources.
• Develop, collect and analyze security metrics to determine compliance and risk levels, as well as trends in systems and processes, and make recommendations on improvements and decisions based on information from the metrics.
• Work closely with Corporate Information Security Team and other business units as required to understand IS related challenges and develop plans aimed at meeting those challenges.
• Respond to request for information on security compliance from customers and partners.

Qualifications and Experience :

• Bachelor degree in Information Security / Systems, Computer / Electronic Engineering, Communications Engineering or related field, and eight (8) years of experience in information security, audit, compliance, risk management or related occupation
• Experience in compliance management such as SOC 2, ISO 27001, NIST and GDPR.
• Experience in design and implementation of information security policies and controls
• Experience with core security technologies such as security information and event monitoring systems (SIEM), firewalls, network and host intrusion prevention and detection systems, proxies, vulnerability scanners, and anti-virus solutions
• Experience with cloud security management
• Demonstrated ability to understand and interpret audit, as well as security requirements
• Superior interpersonal and communication skills
• One or more of the following certifications preferred : ISO 27001 LA, CISSP, CCSP, CISA, and PMP

LI-AV1