IT Security & Compliance Job Description
IT security & compliance
provides subject matter expertise regarding regulations, risks, and GRC frameworks that impact or are used within the organization (COBIT, COSO, NIST, PCI, MAR).
IT Security & Compliance Duties & Responsibilities
To write an effective IT security & compliance job description, begin by listing detailed duties, responsibilities and expectations. We have included IT security & compliance job description templates that you can modify and use.
Sample responsibilities for this position include:
Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing, responses to external & internal audit findings and regulatory audits/ inspections related to general computer controls deficiencies and remediation
Manage Incident Management and work collaboratively with Risk, Audit and Legal teams
Assess/quantify risk vs
Develop and maintain enterprise wide security strategy
Ensure operational processes are in accordance and operate sound security processes over the Bank's network, infrastructure and endpoints high risk centralized data processing
Provide vision, direction and guidance on solutions to technical challenges
Advise on best tools, processes, practices and standards to ensure effective and efficient security tools / capabilities
Participates in service delivery strategic planning and owns the development and execution of tactical plans necessary to achieve high results
Analyzes workflows, staffing, incident management and related metrics to improve efficiency and customer satisfaction
Provides guidance and helps enforce escalation procedures to ensure that security incidents are appropriately assigned and that all necessary communication guidelines are followed
IT Security & Compliance Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for IT Security & Compliance
List any licenses or certifications required by the position: CISSP, CISA, CISM, ISO, CRISC, PMP, ISO27001, SOC, ISAE3402, DLL
Education for IT Security & Compliance
Typically a job would require a certain level of education.
Employers hiring for the IT security & compliance job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Technology, Information Security, Education, Business, Information Systems, Engineering, Technical, Management Information Systems, Accounting
Skills for IT Security & Compliance
Desired skills for IT security & compliance include:
Linux
NIST
UNIX
ISO
AIX
COBIT
COSO
Internet technologies
Networking
Networking technologies
Desired experience for IT security & compliance includes:
A strong understanding of operating system internals and network protocols
Ability to communicate with personnel at all levels of the corporation
Project management skills, including organization, coordination of duties, and/or accomplishment of goals
Familiarity with regulation and compliance requirements such as Sarbanes-Oxley (SOX), PCI
Knowledge and experience with various CAATT’s
Firewall engineering, intrusion detection systems, host based and network based vulnerability assessment tools, sniffers, TCP/IP protocol stack and the OSI layer, content management and filtering systems, VPN, web servers (IIS, Apache, WebSphere)
IT Security & Compliance Examples
1
IT Security & Compliance Job Description
Job Description Example
Our company is growing rapidly and is looking for an IT security & compliance. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for IT security & compliance
- Lead and facilitate IT security and compliance controls assessment, testing and documenting IT security control and compliance requirements (e.g., HITRUST, HIPAA, PCI, FISMA/NIST, ) and across SOX domains (e.g., logical access, change management, IT operations, and application development)
- Responsible for book of work, project management, and assortment of IT service management tools, processes, and initiatives in direct support of Information Security
- Responsible for the effective development, coordination and presentation of training and development programs for all SOC employees
- Recommend and contribute to the creation of policies, procedures and standards to place an emphasis on best practices
- Develop, track, and report on Service Level Agreement compliance for existing services
- Responsible for ensuring that the SOC’s service catalog is up-to-date and relevant to the objectives of the company
- Monitor that the controls are being tested with the appropriate frequency
- Maintain awareness of emerging threats, such as new viruses, hacker contests and system vulnerabilities
- Participate in defining overall PCI Program Strategy, Roadmap and Project Plan including PCI DSS 3.1 compliance strategy and partner with Treasury to develop the specific strategies for individual businesses such as cafeterias, gift shops, pharmacies, foundations and
- Provide vision, direction and guidance on information security and security related privacy assessments
Qualifications for IT security & compliance
- Experience in Business risk analysis and mitigation
- Experience in design, delivery, and management of Enterprise-level security programs and technology
- Be an active participant in the continuous improvement of our overall IT leadership team
- Compliance experience in PCI, SAS70, SOX, and HIPAA desirable
- GSLC, GISP, GCPM or CISSP or equivalent security certification
- Bachelor's degree in Computer Science (or related discipline) and/or a minimum 5 years’ experience managing IT and/or Security operations teams preferred
2
IT Security & Compliance Job Description
Job Description Example
Our innovative and growing company is hiring for an IT security & compliance. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for IT security & compliance
- Be integral part of team through ownership
- Interact with various Business and IT groups, to review, assess and monitor compliance with various programs such as SOX, HIPAA, MPAA and others
- Work with IT GRC (Governance, Risk, and Compliance) Lead on continuous improvement of internal IT control framework
- Assist in identifying and reporting on risk and compliance issues
- Review threats and vulnerabilities and recommend and drive remediation actions
- Support IT GRC Lead in performing access and Segregation of Duties (SOD) risks reviews across applications
- Coordinate IT activities with internal and external auditors
- Operate vendor security controls reviews on existing and prospective vendors
- Ensure IT teams are following Change Management policy, standards, and procedures
- Ensure project are performing security compliance activities as part of the overall project management lifecycle
Qualifications for IT security & compliance
- BA or BS in Accounting, Information Systems, or related field
- A minimum of six (6) years progressively responsible job related experience
- Must be able to develop technical documentation and non-technical presentations
- Seven years of progressive experience in leading security and compliance management programs
- Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously
- A total of six years of progressive IT security or compliance experience with a related B.S./B.A
3
IT Security & Compliance Job Description
Job Description Example
Our company is searching for experienced candidates for the position of IT security & compliance. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for IT security & compliance
- Play a key role in security reporting & metrics, leading to risk reduction, trending and overall security posture improvements
- Leverage existing security standards to measure IT performance and compliance
- Oversee and lead implementation of strategic initiatives to improve and streamline Firm mission critical processes within the IT Compliance domain, including third party oversight and continuous monitoring of security operations
- Analyze, assess and recommend cyber security controls for FedRAMP compliance
- Perform project and program management for cybersecurity initiatives
- Work in a consultative manner with internal teams and provide guidance on security topics
- Develop and maintain an enterprise information security program to include centralizing and monitoring security and compliance responsibilities
- Establish and maintain relationships with key business and department leaders
- Provide guidance to IT and executive leadership, and recommend technologies related to the monitoring and enforcement of IT security controls
- Maintain organization's effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing information security and technology
Qualifications for IT security & compliance
- Solid understanding of various IT technologies and how they relate to IT security and compliance and other business processes
- Knowledge of internal IT organization including support teams, key leaders and Sr
- Certified Archer Administrator / Advanced Administrator
- Exceptional written and verbal communication skills are required for this role, with writing ability being a key qualification
- 5+ Years’ conducting information security control assessments or audits
- Must possess strong oral and written communication skills is essential to assist in maintaining documentation, updating manuals, and producing reports
4
IT Security & Compliance Job Description
Job Description Example
Our company is searching for experienced candidates for the position of IT security & compliance. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for IT security & compliance
- Complete projects by coordinating resources and timetables with user departments and different teams across organizations
- Recommend information technology & security strategies, policies, and procedures by evaluating organization outcomes
- Maintain IT and Information Security quality service by establishing and enforcing organization standards
- Contribute to InfoOps (IT and InfoSec) team effort by accomplishing related results as needed
- Ensure that all Information Security projects are delivered on-time, within scope and within budget
- Ensure resource availability and allocation for each projects and tasks
- Develop a detailed project plan to track progress and measure progress
- Manage the relationship with the IT/Information Security and all stakeholders
- Establish and maintain relationships with third parties/vendors on as needed basis
- Work with stakeholders across the company to manage Information Security Compliance projects and meet company’s Compliance goals
Qualifications for IT security & compliance
- Strong knowledge of RSA Archer 5.X software and development methodologies
- Strong understanding of Information technology practices and processes and the ability to conceptually apply them to Archer utilization
- Assumes problem ownership
- Initiates actions, which will improve service delivery
- CISSP, CFCE, GCIH or equivalent security certification
- Minimum five (5) to seven (7) years of experience in the information technology fields such as information security, technology sales and marketing, or technology account management
5
IT Security & Compliance Job Description
Job Description Example
Our company is searching for experienced candidates for the position of IT security & compliance. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for IT security & compliance
- Perform Computer Security Incident Response activities to record, report and manage incidents
- Work in partnership with the Legal and Internal Audit departments to investigate internal and external security breaches, potential violations of applicable data security laws and internal data security/privacy policies
- Communicate alerts to the business regarding intrusions and compromises to the network infrastructure, applications, and operating systems
- Lead the implementation of countermeasures or mitigating controls
- Conduct vendor security analysis for use in RFPs and new product evaluations, solution security analysis for custom and purchased applications
- Work in partnership with the Legal department to understand new and existing domestic/international data privacy laws, cybersecurity or similar laws and assist with all applicable implementation or remedial work to assure compliance
- Ensure all access controls are implemented, maintained and monitored through a security methodology that supports operation and security compliance requirements
- Facilitate mitigation of vulnerabilities in a prioritized fashion in accordance with the applicable compliance requirements
- Implement the IT strategy within IT Security, Risk and Compliance Operations area
- Responsible for stable, efficient and effective service delivery operations for IT Security, Risk and Compliance Services
Qualifications for IT security & compliance
- CISSP, CISA or related certification
- Ability to participate in and facilitate group meetings, including with remote staff
- Experience with Change and Release Management based on ITIL best practices
- Experience with controls testing design
- Ability to work successfully in a matrixed, global organization
- Technical curiosity and the ability to learn new technologies quickly