Information Security Risk & Compliance Analyst

The Security Risk and Compliance Analyst is a member of the information security team and works closely with the other members of the team, the business, and other IT staff to develop and manage security for one or more IT functional area (e.g., data, systems, network, and physical) across the enterprise.

The candidate will be able to effectively understand standard risk methodologies and the implementation of security controls in an enterprise environment.

Key Result Areas:

• Work as part of a team to maintain security and integrity of corporate data and IT systems through activities including:
  
  
  
  • Develop and maintain enterprise security policies and procedures
  • Assist in the coordination and completion of information security risk assessments and documentation
  • Work with information security management to develop strategies and plans to enforce security requirements and address identified risks
  • Report to management concerning residual risk, vulnerabilities, and other security exposures including misuse of information assets and noncompliance
  • Work with IT department and members of the information security team to identify, select and implement technical controls
  • Provide direct support to the business and IT staff for security related
  • Maintain an awareness of security and control issues in emerging technologies
  • Perform other duties as assigned
  
  
  
  

Knowledge, skills, and experience required:

• Bachelor's degree in Computer Science, Information Systems, or other equivalent degree or experience
• Preferred Certifications (CISSP, CISA, CRISC, CRM, GSEC, etc.)
• Strong analytical and problem-solving skills to enable effective security incident and problem resolution
• Proven ability to work under stress with the flexibility to handle multiple high-pressure tasks simultaneously
• Ability to work well under minimal supervision
• Strong team-oriented skills with the ability to interface effectively with a broad range of people and roles, including vendors and enterprise personnel
• Strong written and verbal communication skills and attention to detail for board level committee and regulatory reporting
• Strong customer/client focus with the ability to manage expectations appropriately
• General understanding of risk management
• Knowledge of security methodology frameworks and regulatory requirements such as NIST, CIS, HIPAA, PCI, and FFIEC
• Microsoft Excel, Word, and Visio skillset for the creation, tracking and reporting of security metrics (e. graphs, formatting, basic formulas)

Preferred Qualifications:

• Understanding of enterprise risk management systems and automation platforms
• Experience with Data Loss Prevention (DLP) and Vulnerability Management solutions

*This position is on-site located in Oklahoma City, must reside within the area to be considered.

*Position requires a minimum of 3 years of relevant US based experience.