Analyst, Information Security Governance, Risk and Compliance

Synchrony Financial - Financial Services company - Remote
Job description
Our Customer is a consumer financial services company headquartered in Connecticut. The company offers consumer financing products, including credit, promotional financing and loyalty programs, installment lending to industries, and FDIC-insured consumer savings products through the consumer bank, its wholly owned online bank subsidiary.
We are looking for an Analyst, Information Security Governance, Risk and Compliance on a contract basis to help support our Customer's business needs. This role is 100% remote in EST/CST hours. The Analyst, Information Security Governance, Risk and Compliance will play a key role in safeguarding the organization's systems, networks, and data. The position is responsible for aiding in the design, development, and build of Information Security governance capabilities, participating in the management of these capabilities, and supporting controls. In addition, this role will be responsible for acting as a trusted resource for other analysts in the organization.
What You'll Do:
- Design, develop, implement, and provide ongoing support for a global Information Security Cryptography governance process to ensure the compliance and effectiveness of various data protection controls, methods, procedures, and processes (i.e., cipher suites, encryption, key/secrets management, PKI, tokenization, transport layer security)
- Participate as one of several governance leads on a team of information security analysts
- Play a hands-on role in the engineering, implementation, and continuous improvement of governance processes to ensure data protection control objectives are effective
- Participate in authoring, editing, providing, or reviewing documentation (procedures, standards) to ensure a well-managed and mature security infrastructure
- Work closely with the Information Security program manager, scrum master, and architects to convey technical impacts to development/engineering timeline and risks
- Work independently in identifying opportunities to improve operational or other performance for Security, Information Technology and other functions across the organization
- Work with Information Security engineers and API developers to drive program delivery
- Work with Information Security leaders to advance cryptography governance program development, maturity, and standards across the organization
- Serve as subject-matter expert to other team members in the Information Security organization
- Perform other duties and/or special projects as assigned
Qualifications/Requirements:
- Bachelor's degree in Computer Science/Engineering or related field OR a minimum of 4 years of experience in Technology with a minimum of 3 years in Information Security
- Certifications in audit, cloud, cybersecurity, governance, information security, privacy, risk preferred; AWS, GCP, GIAC, IAPP, ISC2, ISACA
- Excellent oral communication and writing skills.
- Adept at presenting complex topics, influencing and executing with timely / actionable follow-through
- Experience with legal and regulatory compliance standards such as GDPR, PCI DSS, SOX
- Experience with IT governance, risk, and compliance management in a global environment
- Experience with IT GRC/IRM platforms (i.e., Oracle, RSA Archer, MetricStream)
- Familiarity with ISMS and security frameworks, including NIST Cybersecurity Framework
- Proven ability to organize/manage multiple priorities coupled with the flexibility to quickly adapt to ever-changing business needs
- Strong analytical and problem-solving skills with the ability to convert information into practical deliverables.
- Can use rigorous logic and methods to solve difficult problems.
Preferred:
- Ability to successfully manage working on multiple simultaneous projects
- Audit, compliance, data privacy, governance, risk background
- Creativity and individual thinking, and the ability to work both with a team and unsupervised
- Familiarity with problem and incident management, change management, notifications, and basic operational understanding of running and maintaining infrastructure
- Good teamwork, oral and written communication
- Good understanding of security landscape as a whole
- Strong and efficient problem-solving and analytical skills, willingness to learn
- Information security background
- Knowledge of modern coding languages such as Python
- Knowledge of API development
- Knowledge of CI/CD pipelines
- Knowledge of encryption concepts, controls, technologies
- Knowledge of secrets management concepts, controls, technologies
- Knowledge of tokenization technologies
- Understanding of various cloud deployment/service models from a development, infrastructure and information security aspect
Perks are available through our 3rd Party Employer of Record (Available upon completion of waiting period for eligible engagements)
Health Benefits: Medical, Dental, Vision, Life (including spouse & child), 401k, STD/LTD, AD&D, and Commuter Benefits program.
An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
All applicants applying for U.S. job openings must be legally authorized to work in the United States and are required to have U.S. residency at the time of application.
If you are a person with a disability needing assistance with the application, or at any point in the hiring process, please contact us at support@themomproject.com.