Job Description :
Security Analyst III (Risk & Compliance Specialist) - Contract
Duluth, GA

This role supports the company''s IT Governance Risk & Compliance (GRC) program which includes risk management, compliance management, assessments, and security awareness. This position is specifically responsible for preparing and analyzing business requests, monitoring in-scope systems, compliance operations, troubleshooting problems, identifying issues, creation of risk mitigation/treatment plans and advising users of fixes.

This role partners with the business users acting as an advisor and subject matter expert for matters pertaining to control descriptions, operations and enhancement of their designated controls framework. Ensures the user community is properly trained on controls execution and follows up periodically with Internal Audit. Under general direction, ensures company''s IT Security Control Framework is in compliance with SOX and industry standard operating procedures. Collaborates with internal teams, IT management, Internal Audit and other stakeholders to ensure the IT compliance program and associated deliverables are met.

Serving as a key resource in managing risks & controls
Maintaining all required documentation
Working with multiple business users to complete Security & Privacy Assessments for projects
Work with end users to design and implement new business processes for controls that are related to the functional area supported
Communicating portfolio and project status with IT and business sponsors
Creating or modifying documentation and workflows
Maintaining the security exception and findings management processes
Maintaining security program metrics and reporting
Assisting with both internal and external compliance audits
Assisting with Change Management and Project Management Policies, Guidelines and Procedures
Assisting with the Training & Awareness Program
Preferred Skills, Education, Experience
Bachelor''s degree. (e.g., Information Security, Information Protection, Computer Information Systems, Computer Science, Computer Engineering, Information Systems Management) or equivalent educational or professional experience and/or qualifications
8+ years of experience in Sarbanes-Oxley (SOX 404 Compliance)/COBIT/COSO compliance, IT security, and IT audit/risk management
Industry certification (e.g., CISA, CRISC)
Solid understanding and working knowledge of US and EU privacy laws, data protection/security regulations, and frameworks, such as NIST, COBIT, PCI DSS and ISO27001/2
Working knowledge of GRC tool(s)
Working knowledge of classic compliance techniques
Working knowledge of Support Desk/Incident Management systems
Knowledge of SIEM tools, Incident Response and Forensics
Experience with SharePoint
Familiarity with the equipment manufacturing process (i.e. agricultural, automotive, constructions, etc
The ability to make quick decisions and think outside the box when working with complex situations
Strong communication, interpersonal skills, and the ability to establish strong working relationships at all levels
Demonstrates a high level of flexibility