Senior Security Compliance Analyst
Duties and Responsibilities:
- Lead all enterprise security compliance requirements including PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001. This will include serving as primary audit liaison, compiling all evidence/documentation requests and reporting on progress of audits to InfoSec and IT leadership.
- Provide subject matter expertise related to NIST 800-53, ISO 27001, PCI DSS, SOC 2 or HIPAA.
- Lead security risk assessments and develop mitigation plans with the process owner(s).
- Lead audit projects and review the work completed by the audit members. Prepare the audit report and provide periodic status updates to management.
- Conducts research on emerging practices, services, protocols, and standards in support of system security and compliance enhancement and development efforts.
- Provide incident response support as needed in response to information security-related events. In the event of security incident response, participate in the analysis, troubleshooting, and investigation of security-related information systems anomalies based on security platform reporting, network traffic, log files, and host-based and automated security alerts.
- Lead the development and maintenance of security operations procedures and processes, as well as work with the business units outside of InfoSec to formally document policies and procedures.
- Ensures security compliance with applicable regulations and other state and federal laws. Keeps current on US and PH laws and industry regulations regarding data privacy and security.
- Performs other duties as assigned.
- Bachelor’s degree in MIS/Computer Science or Business and/or a combination of education and relevant experience.
- In-depth and hands-on experience with at least 2 of the following compliance requirements: PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001.
- A minimum of 7 years IT experience; at least three of those years focused on IT security and/or IT audit.
- Sound technical writing, documentation, and communication skills are required.
- Candidate should have good Project Management skills with the ability to self-start projects.
- Excellent interpersonal skills and a professional demeanor.
- Understanding of enterprise, network, system and application level security issues.
- Understanding of the system hardening processes, tools, guidelines and benchmarks.
- Understanding of enterprise computing environments, distributed applications, and understanding of TCP/IP networks.
- Experience with data loss prevention solutions.
- Functional awareness of both Linux-based and MS Windows-based system platforms with a strong IT technical understanding and aptitude for analytical problem-solving.
- An industry-recognized information security certification, such as CISA, CISM, CISSP, SSCP, CCIE or CEH, is preferred, but not required.
- BPO contact center experience preferred, but not required.
We are a collective of highly capable humans, who understand how to deploy technology and data to best serve your purpose. From Digital CX to Content Security, AI Operations, Consulting, and anything in between, we consider ourselves responsible for protecting our partners’ interests and supporting their long-term success through innovation and technology, powered by ridiculously smart people.
TaskUs partners with the world’s most innovative and disruptive brands to protect what matters most and to thrive in an ever-changing world.
TaskUs currently has over 23,000 employees around the world with offices across the United States, the Philippines, India, Taiwan, Mexico, Greece, and Ireland.
TaskUs is an equal opportunity employer.