Sr. Security Compliance Analyst
Ref No.: 18-01619
Location: Philadelphia, Pennsylvania
Position Type: Direct Placement
Experience Level: 7 Years
Start Date: 10/01/2018
Senior Security Compliance Analyst
Basic Purpose/Function:
Under the direction of the Vice President, the Sr. Security Compliance Analyst will act as a key member of the Compliance, Assurance and Risk team. The Sr. Security Compliance Analyst's primary responsibilities are leading the Company's financial sector compliance activities (SOX, NYDFS, FFIEC, GLBA) and aligning the Company's policies and controls with industry standard best practices and frameworks (CSF, NIST, etc.). Additional duties include collaborating with Internal Audit to track assessments and findings. The Sr. Security Compliance Analyst may also participate in the implementation and/or execution of an information security risk management program as appropriate for the Company's business model and risk appetite.
Primary Duties and Responsibilities:
  • Directly accountable for coordinating and delivering on the Company's financial sector compliance activities. Must be familiar with how to interpret controls and suggest compensating mitigation strategies where applicable. Expected to drive efficiency by aligning the Company's control frameworks with industry standards and frameworks. Map regulatory requirements across functions to identify compliance, audit response and customer diligence efficiencies. Ensure inventories of controls and administrative protection requirements are up to date and correctly implemented.
  • Coordinate and conduct Company's SOC2 control activities.
  • Assist in the development and management of Company's security policies, standards, process and procedures in coordination with key stakeholders. Mature and sustain a program to ensure that all governance artifacts are formally reviewed, approved & maintained, and outcomes are effective. Serve as lead on projects and initiatives to promote compliance with new or existing security policies. Coordinate issuance of information security awareness publications and courses to ensure the Company community is aware of the company's information security policies. Work with other organizational leaders to ensure information security policies continually comply with appropriate laws, regulations and overall corporate policy.
  • Assist in the implementation and maintenance of a comprehensive security risk management program. Core duties are to execute and maintain a risk rating and prioritization plan to prioritize risk reduction and determine focused investments. Conduct risk registration including tracking mitigation, compensating controls and acceptance. Institute assurance process automation.
  • Assist the VP to grow and mature the information compliance, assurance, Internal Audit response and risk management capabilities. Improve stakeholder confidence, maintain situational awareness, and ensure organizational alignment across the Information Security Architecture and Information Security Operations Teams. Monitor the effectiveness of the information security program, recommend improvements, create actionable metrics and provide regular reports on status and activities.
  • Assist in development and maintenance of Company's information security strategy and roadmap that continually matures the company's security program in alignment with the threat environment and Company's overall business goals.
  • Expert knowledge of information security standards and frameworks including NIST, CIS, CSF, and the Critical Security Controls.
  • Working knowledge of multiple security disciplines, including some of the following: policy definitions, controls frameworks and enforcement; network/perimeter security; system hardening; security event monitoring; vulnerability assessment and remediation; patch management; anti-virus; intrusion detection and response; forensics; encryption technologies; secure coding; physical security; identity and access management; ITAM; authentication and authorization; content monitoring and filtering; managed threat detection and response; data loss prevention.
  • General understanding of other relevant technologies: Active Directory, Microsoft Windows 7/10, Server 2012/2016; RHEL 6/7; firewalls; load balancers; VDI; and related.
  • Working knowledge of auditing standards and related frameworks including ITAF, ISO, COBIT, COSO.
Skills & Abilities:
  • Experience in a large financial services or insurance organization
  • Ability to work independently, with or without direction or supervision
  • Ability to prioritize and multitask in a high pressure and results-oriented environment
  • Ability to understand a range of IT disciplines, e.g. networking, operations, service desk, infrastructure/architecture, and application development.
  • Expert written and verbal communication skills with a focus on translating complex security/IT terms into plain English. Focus on clarity and impact
  • Proven project management skills
Prior Work Experience / Education
  • 3 - 8 years of related work experience
  • Bachelor's Degree required.
  • CRISC, CISA, PMI-RMP, CGEIT, CISSP, CIPP or similar preferred.
For more information please contact Brian Otten at 203-433-7817. botten [at]

Since 1995, iTech Solutions Inc. has been providing IT Consulting and Direct Hire Services to the Insurance, Financial, Communications, Manufacturing and Government sectors, with local offices in Connecticut, Minnesota, Colorado, Massachusetts, Tennessee, North Carolina, and the New Jersey / Pennsylvania area.

Our recruiting strategy is simple: if you want to find qualified IT professionals, then use IT professionals to find them. So at iTech Solutions, our personnel are all career IT professionals with a wide range of IT experience. We can honestly say our staff understands the technologies, the complexities of finding and selecting the appropriate personnel, and the pressures of running successful IT projects.