Job Description:
Job Title: Senior Security Analyst
Duration: 3-6 month contract
Location: McLean, VA
Process: Phone interview then onsite interview
Job description:
6+ years of experience as a security analyst
6+ years of supporting compliance efforts with PCI
6+ years of ISO experience
Non-government background preferred
CISSP preferred, but other security certifications are okay (i.e., CISA, CISM, CRISC)
What You Need for this Position
6+ years of demonstrable experience in security risk and compliance, auditing and/or consulting teams in highly technical, fast-paced, global businesses.
Strong individual leadership and interpersonal abilities geared towards getting things done, including experience communicating and developing partnerships at many levels of a technology-driven organization.
Strong understanding of, and past implementation experience with, ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards, as well as global regulations relevant to information security and data protection, such as U.S. federal and state statutes, the EU General Data Protection Regulation, and PIPEDA.
Experience performing information security assessments and compliance audits in the global high-tech industry; demonstrable and deep understanding of common security controls, processes and technical solutions to safeguard network, system, application and data in on-premise and cloud environments.
Experience in developing information security policies, standards and other forms of information security program documentation.
Excellent verbal, presentation and written communications skills and a team-focused attitude.
Active information security or IT audit certifications, such as CISSP, CISA, CISM, CRISC, or their equivalent.
What You Will Be Doing
Support implementation of strategic projects to further mature information security governance, risk and compliance program leveraging knowledge and past experience working with industry security standards, such as ISO 27001:2013, PCI DSS and the NIST Cybersecurity Framework.
Respond to security due diligence requests from customers to support sales and customer retention activities as well as global market expansion efforts.
Conduct risk assessments across business verticals and applicable third-party vendors; partner with relevant stakeholders at various levels to produce deep insight into security risks and develop actionable risk treatment plans; monitor and support reporting on risk reduction activities.
Support annual security compliance and audit calendar that includes annual PCI DSS, SSAE 18/SOC 1, SOC 2 and ISO 27001:2013 audits as well as customer-initiated audits; conduct internal audits to ensure that compliance towards these standards is maintained.
Support efforts to develop or continuously improve security controls, processes and procedures.
Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals.
Build a culture of security by contributing innovative enhancements to a global information security awareness program, including designing and delivering awareness campaigns across the company.
             
