Job Description :
Information Security Risk & Compliance Analyst Location: Philadelphia PA Duration: 6 months + Interview: phone, skype/zoom GC/USC only Job description: The Information Security Risk & Compliance Analyst is responsible for supporting and maintaining the information security program to ensure that information assets and associated information systems. This role supports all day-to-day operations, functions and capabilities relating to technology risk and compliance. The role supports the Information Security compliance program and is responsible for operating the company's technology risk management processes, maintaining technology related Information Security policies, and completing risk assessments of technology related initiatives. Support the completion of assessments of the operational effectiveness of the security controls and supports any required remediation. Identify and document cyber risks and manage mitigation and follow up on open security risks. Requirements: Extensive experience in information security risk, risk assessments and compliance analysis. Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard. Experience in assessing and securing AWS and related service and O365 and related services. Degree in technology-related field preferred, or equivalent work- or education-related experience. Professional security management certification is required, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacking (CEH), GIAC Information Security Professional (GISP), or other similar credentials. Advanced knowledge of common information security management frameworks, such as ISO/IEC 27001, Critical Security Controls, and NIST 800-53 and Cybersecurity Framework.