Infosec Risk and Compliance Analyst

IT United States


Description

Tyler Technologies is looking for an Information Security Risk & Compliance Analyst to join our Corporate Security team! As an Information Security Risk & Compliance Analyst reporting to the Manager of Information Security Compliance, you'll be instrumental in ensuring Tyler's compliance with regulations, frameworks, standards, and client agreements. You'll also be vital in administering and enforcing Tyler Technologies' Enterprise Information Security Program to safeguard the company's infrastructure and critical assets. Collaborating with various teams, you'll ensure that policies and procedures are not only in place but also effectively implemented and upheld.

The Information Security Risk & Compliance Analyst holds a critical enterprise-level position, tasked with assessing if the organization meets various regulations, frameworks, standards, and client agreements consistently across all operations. They are responsible for ensuring that the organization's information security policies and procedures align with pertinent laws, regulations, and industry standards.

Responsibilities

  • Support the process of standardizing and streamlining annual and ad-hoc information security audits and assessments in compliance with FedRAMP, CJIS, SSAE-18 SOC 1 and SOC2 PCI and other requirements as necessary
  • Conducting comprehensive risk assessments to identify potential security threats and vulnerabilities within the organization's systems, networks, and processes.
  • Develop and implement strategies to mitigate identified risks.
  • Plan and execute regular compliance audits to assess adherence to security policies and procedures.
  • Review and analyze audit reports, and recommend corrective actions as needed.
  • Assist in the monitoring and enforcement of compliance to security policies
  • Assist with contract and vendor management issues related to security requirements and projects
  • Assist with oversight and execution of Enterprise Risk and Vendor management procedures
  • Evaluate and monitor the security practices of third-party vendors and partners.
  • Ensure that vendors comply with the organization's security requirements.
  • Aid in the development, evaluation and implementation of governance and compliance processes to mitigate cybersecurity risk and ensure protection of company assets and information
  • Researches and interprets current and pending laws and regulations, industry standards and client and vendor commitments to understand and communicate compliance requirements
  • Consults with business and technical leadership to ensure that data, processes and technology are designed for data protection and compliance by working with IT teams to implement and maintain security controls, such as firewalls, encryption, access controls, etc., as per compliance requirements.
  • Lead or assist in responding to security incidents, including investigation, containment, eradication, and recovery.

Qualifications

  • Possess knowledge of common information security and privacy frameworks, such as FedRAMP, CJIS, ISO 27001, PCI-DSS, SSAE 18 SOC 2, HIPAA, CCPA, etc.
  • Bachelor’s degree or equivalent experience
  • Desired but not required certifications include those such as (ISC)2 CGRC, ISACA CGRC or equivalent
  • Excellent customer service, organizational, interpersonal and communication skills
  • Ability to prioritize and complete multiple tasks in a fast-paced, technical environment
  • Required to undergo and satisfactorily pass a fingerprint background check in accordance with CJIS requirements.
  • The InfoSec Risk and Compliance Analyst must be able to:
    • Understand information security concepts such as Information Security compliance standards and technical security risk assessment
    • Translate security control language into natural human language to aid in speed and accuracy of implementation
    • Possess knowledge of common information security and privacy frameworks, such as FedRAMP, CJIS, ISO 27001, PCI-DSS, SSAE 18 SOC 2, HIPAA, CCPA, etc.
    • Monitor and stay up-to-date with relevant laws, regulations, and industry standards related to information security.
    • Stay informed about emerging threats, technologies, and best practices in information security.
    • Recommend and implement improvements to security policies, procedures, and practices.
    • Provide seamless integration to department and company resources
    • Perform process development, consolidation and optimization at an enterprise level
    • Excellent troubleshooting and analytical skills required