Security Compliance Analyst
So what does a Security Compliance Analyst really do? Think of yourself as the one who plays a pivotal role in the oversight and implementation of system-wide information security strategies and solutions. You will have a significant role in performing audits, tracking vulnerability assessments, testing security, and working with operations teams on remediation and mitigation of audit findings.
Since we make sure to get the best of the best, after all, we are a ridiculously good company, we make sure our employees are top notch! So, we need your full concentration because it’s time to imagine what it’s like being a Security Compliance Analyst.
Imagine yourself going to work with one thing on your mind: you will evaluate and design security solutions; and work with technicians throughout the company in implementing, maintaining and constantly improving information security practices, while managing and maintaining efforts in the areas of Information Security, Governance, Risk and Compliance. As you tackle your new tasks for the day, you know that it will lead to one thing: you will manage and improve overall IT/Security Monitoring and Incident Response programs using processes, procedures, and automation.
As Security Compliance Analyst, you will work to support the Security Compliance Manager in handling the assessment and integration of security controls of the entire corporate environment in line with applicable requirements from PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001. You will be responsible for policy assessment of endpoint and network security appliances, hardware and software, enforcing the TaskUs security policies and complying with requirements of internal and external security audits and recommendations.
What else? Well, you will support the management of all enterprise security compliance requirements including PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001. This will include serving as audit liaison, compiling all evidence/documentation requests and reporting on the progress of audits to InfoSec and IT leadership.
You will also serve as a key administrator for Cloud Access Security Broker policy management; support in the development and implementation of a corporate security & compliance awareness program; develop training and awareness efforts for employees, contractors and visitors - to establish a “culture of security” to prevent or mitigate security incidents; and conduct research on emerging practices, services, protocols, and standards - in support of system security and compliance enhancement and development efforts.
Overall, you will work to ensure security compliance with applicable regulations and other state and federal laws, keeping current on US, Philippines and international laws of operating countries, and industry regulations regarding data privacy and security.
Besides that, you will be expected to assist in the development and maintenance of security operations procedures and processes, as well as work with the business units outside of InfoSec to formally document policies and procedures. You will recommend and support the deployment of additional security products and tools, or enhancements to existing tools, to mitigate security risk and detect/remediate compromises.
You must be able to work with security engineers for the optimal configuration of the network and host-based security platforms, aligned with compliance requirements, and provide Incident Response support, as needed, for information security related events. In the event of security incident response, you will participate in the analysis, troubleshooting, and investigation of security-related information systems anomalies, based on security platform reporting, network traffic, log files, host-based and automated security alerts.
Lastly, you will evaluate systems using vulnerability scanners and manual techniques to verify system security settings and configurations. This may include participation in DRP exercises and continuous improvement processes, as well as assisting in the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
Do you think you have what it takes to become a Security Compliance Analyst?
Since this is a Security Analyst post, we would need someone who possesses the demonstrated skills to even call themselves one. We would need someone with at least 6 years of experience, two of which are focused on IT security and/or IT audit. You must have in-depth and hands-on experience with at least 2 of the following compliance requirements: PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001; must possess a strong understanding of enterprise, network, system and application level security issues; have functional awareness of both Linux-based and MS Windows-based system platforms; possess a strong IT technical understanding and aptitude for analytical problem-solving; and understand enterprise computing environments, distributed applications, and TCP/IP networks.
If you have previous background working on system hardening processes, tools, guidelines and benchmarks; experience with DLP policy and vulnerability management scanning platforms; and experience with Cloud Access Security Broker solutions, then that would be a distinct advantage!
Besides possessing a Bachelor’s degree in MIS/Computer Science or Business and/or a combination of education and relevant experience, you must have an industry recognized information security certification, such as CISA, CISM, CISSP, SSCP, CCIE or CEH. Finally, if you have good Project Management skills with the ability to self-start projects, and are able to handle sensitive and/or confidential material and information with suitable discretion, then we want to talk to you!
TaskUs is the fastest growing tech-enabled business services company in the world, delivering the customer support, AI operations and content security services that power the world’s most innovative companies. Listed as one of Glassdoor’s “100 Best Places to Work”, USA Today’s “Best Company Cultures” and “Best Companies for Women” by Comparably, TaskUs is a Frontline-First company that puts its people at the heart of everything they do.
TaskUs has been recognized as one of the Inc. “500 Fastest Growing Private Companies in America” for the past seven years consecutively. Founded in 2008 by Bryce Maddock and Jaspar Weir, the company raised over $250mm in 2018 from the world’s largest private equity firm, Blackstone.
TaskUs currently has over 18,000 employees and offices across the U.S., Philippines, India, Taiwan, and Mexico.
TaskUs, Inc. is an equal opportunity employer.
To find out more visit www.TaskUs.com.