Information Security Compliance Analyst (Richmond)

Position

Information Security Compliance Analyst

Start Date

ASAP

Type

6-month contract to hire

Location

1-2 days onsite in Richmond, VA

Process to Close :

• Teams Screening with AM / Recruiter
• Interview with CISO
• Will most likely ask for a writing sample / letter of recommendation

Must Haves :

Plusses :

Day to Day :

The Information Security Compliance Analyst I supports cybersecurity compliance and risk management matters, working closely with IT members, business partners, and internal and external auditors and regulators. This position impacts the company's security posture, including contributing to cybersecurity policy development & awareness, identity & access management, and data governance initiatives.

Duties and Responsibilities

Continuously exhibit and uphold Core Values of Integrity, Accountability, Communication and Teamwork, Innovation and Customer Service

Maintain, and refine cybersecurity risk management practices using established frameworks such as NIST CSF and ISO 27001

Assist with the creation and maintenance of information security policies, standards, procedures, and guidelines

Preparation and review of control narratives and descriptions

Maintenance of risk registers and risk / control matrices

Assist with the planning and execution of Data Governance and other security programs

Maintain performance metrics for the Security program

Utilize security compliance tools and identify opportunities for improvements and reporting

Collaborate with the security team, IT, and business partners to document security controls, identify gaps and implement new controls

Performance of security assessments to ensure that management, operational, and technical security controls are properly implemented and maintained

Partner with internal and external auditors and regulators to demonstrate cybersecurity compliance and build attainable plans to remediate deficiencies

Assist in the planning and testing of cybersecurity incident response activities, including coordination with internal stakeholders

Keep abreast of current threats and vulnerabilities and alert IT and Information Security teams

Maintain awareness of information security best practices and evaluate their applicability to James River

Stay current with latest changes in external cybersecurity compliance initiatives that may affect the organizations external requirements

Drive security awareness activities to improve business and IT security knowledge and practices