IT Security & Compliance Analyst

Information Technology IRONDALE, Alabama


Description

Position at Motion Industries

Supports the GPC and Motion Industries Enterprise Security Strategies. Supports the Information Protection strategic project, which includes Data Loss Prevention (DLP) capabilities. Ensure the Motion Industries production environment remains SOX and PCI compliant based on the access controls, tools, policies, and procedures implemented. 

SCOPE:

  • Support the implementation and on-going support & administration of the Symantec DLP (Data Loss Protection) System environment
  • Support the implementation and on-going support & administration of DB2 Security & Configuration Management system
  • Assess procedures to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access, modification or destruction.  Make improvement recommendations
  • Ensures compliance with organizational security rules and standards
  • Ensure compliance with internal application security controls
  • Conduct research to keep abreast of latest security issues
  • Prioritize remediation of gaps based on internal and external audits
  • Prepare security and compliance reports by collecting, analyzing, and summarizing data
  • Support SOX & PCI compliance through support of GPC Enterprise Security Strategy initiatives
  • Support SOX & PCI Compliance by review of key controls and monitoring
  • Support of SOX Audit and PCI by collecting and tracking requested evidence by Moore Colson and EY
  • Assist in planning and execution of vulnerability testing for application systems and the network environment
  • Assist in providing support of the enterprise vulnerability management program
  • Assist in providing support of the Security Operations Center (SOC) 

KEY ACCOUNTABILITIES:

  • Proactively work with the platform managers to resolve weaknesses and security incidents identified within the DLP system  
  • Proactively work with the platform managers to resolve weaknesses in configuration and security definitions within the DB2 systems
  • Proactively review our environment to determine if there are any gaps in our SOX, PCI or security controls
  • Using installed tools and services identify security vulnerabilities
  • Take action to ensure reported vulnerabilities are remediated in a timely manner as approved by management
  • Work with other staff members as needed to remediate security weaknesses & vulnerabilities
  • Review DB2 changes to ensure security and configuration compliance
  • Review LAN/WAN changes submitted for update to the production environment
  • Review Application Changes to ensure a scan is performed when required
  • Ensures all policies are followed and proper documentation is on file
  • Provide system admin support for DB2 security & configuration system
  • Provide reports of weaknesses in configuration and security to the various platform managers for resolution
  • Research any issues that are raised during the various audits
  • Review and assist with user application security requests
  • Review controls to prevent service impacts cause by unauthorized access
  • Daily communication with all IT departments
  • Communication with management anytime a control exception or security incident is identified
  • Outstanding oral and written communication skills
  • Supports company safety and health programs
  • Have a clear understanding of emergency procedures and responsibilities 

EDUCATION AND EXPERIENCE:

  • Ability to quickly understand security systems in order to identify and validate security requirements
  • Ability to interpret information security data and processes to identify potential compliance issues
  • Security knowledge of one or more of the following platforms: Windows/Linux
  • Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
  • Willingness to work outside of regular business hours as required which can include evenings, weekends, and holidays
  • Willing to share knowledge and assist others in understanding technical and business topics
  • Strong analytical, technical, and problem solving skills
  • 4-Year college degree required
  • Knowledgeable in the use of MS Office Software suite
  • Experience with DB2 environments preferred
  • Experience with DLP technologies strongly desired/preferred
  • Minimum of five (5) years of experience in information technology and at least two (2) years in information security and/or IT governance/compliance related roles

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.