Security Analyst - Compliance - ReqCode 16000D6Q


POST DATE 8/31/2016
END DATE 10/12/2016

Dick's Sporting Goods Pittsburgh, PA

Pittsburgh, PA
AJE Ref #
Job Classification
Full Time
Job Type
Company Ref #
Entry Level (0 - 2 years)
High School Diploma or GED


Description

The Security Analyst will assist in the performance of Information Security vendor risk assessments, assist in IT compliance activities (e.g. SOX/PCI), develop and maintain internal policies/standards/procedures, and provide support for both the internal risk acceptance and data ownership processes. The Security Analyst will leverage understanding of information technology risks/controls and communication skills to support governance/compliance activities and to identify risk to business partners within IT and other business units.

Qualifications

Perform information security vendor risk assessments leveraging industry best practices, internal policy framework, and security/control frameworks.

Facilitate recurring access reviews, risk/control processes, and other compliance activities to support Information Technology compliance requirements.

Facilitate the risk acceptance process by assisting the organization with the identification of risks and defining compensating controls.

Develop and maintain policies/standards/procedures in partnership with Information Technology and other business units.

Serve as an internal information security consultant to the organization through involvement in key projects and governance/compliance activities.

Additional Skills:
Working knowledge of IT general controls (logical access, change management, operations, governance, etc.)

Comprehensive knowledge of risks and controls across multiple layers of the OSI model and accompanying technologies (SQL/Unix/Windows/Oracle)

Working knowledge of security/control/governance frameworks such as ISO 27001/2, COBIT 4.1/5, NIST

Working knowledge of compliance requirements associated with SOX, PCI, and HIPAA/HITECH

Experience in IT control/risk assessment

Education: Bachelor's Degree

Experience: 3-5 years
3-5 years of experience in Information Security GRC, IT Audit, or IT Advisory/Consulting
CISA/CRISC/CISSP Certified preferred
