***THIS JOB REQUIRES ADVANCED ENGLISH LEVEL SKILLS. WRITTEN AND CONVERSATIONAL ENGLISH IS A MUST***
A Processing Center located in Panama City (Financial District) is looking for an IS Risk and Compliance Analyst. The IS Risk & Compliance Analyst works closely with, and reports to, the IS Manager to safeguard the confidentiality, integrity and availability of the Company and client’s information. The employee is responsible for providing guidance to clients regarding Company security policies and will assist with questionnaires, surveys, client inquiries, internal audits, and assessments. The IS Risk & Compliance Analyst will also prepare various security documents and complete other information security related tasks.
The IS Risk & Compliance Analyst plays an important role in maintaining an effective information security program. Monitoring the progress of client and vulnerability findings/projects and proposing solutions when necessary are key to the functionality of the GRC.
Essential Duties and Responsibilities:
· Perform day-to-day Information Security activities including monitoring, compliance, and standardization.
· Maintain awareness of current IS standards and developments (ISO, NIST, etc.), as well as the emerging cyber threat landscape.
· Contribute to the creation of security policies, procedures, and documents based on Company or client requirements, security best practices, and industry standards as needed.
· Test controls against policies as directed by the IS Manager.
· Identify potential or actual gaps in the information security program based upon applicable servicer and IS security standards (ISO, NIST, etc.) and communicate them to the IS Manager.
· Receive and digest Servicer security standards documentation and enter requirements into the GRC software program.
· Assist in the creation and presentation of information security awareness training to Company employees and clients.
· Conduct research on IS-related topics and provide best practice guidance, recommendations, or information to management.
· Assist with the creation, maintenance, and implementation of Business Continuity Plans, Disaster Recovery Plans and testing, Business Impact Analysis, and other assessments, as required.
· Monitor the progress of and assist with action plans for vulnerability remediation to ensure timely and complete remediation.
· Assist clients with IS-related questionnaires, surveys, and client/Servicer inquiries.
· Assist with or attend audits and assessments as needed.
· Collaborate with other departments (e.g. Information Technology, Human Resources, etc.) to direct compliance issues to appropriate existing channels for review and resolution, and consult with clients to resolve client-specific Information Security compliance issues.
· Monitor and respond to tickets from the ticket management system related to information security.
· Responsible for physical security-related systems/equipment and system parameters to ensure proper functioning and to coordinate testing, installation, maintenance, and/or repairs of such systems or equipment.
· Oversees the organization’s appropriate and timely responses to security alarm activations and other security events for all locations, including nights and weekends.
· Acts as project manager liaison for construction projects and facility updates with outside vendors.
· Works in conjunction with other departments to coordinate facility projects.
· Negotiates bids and retains contractors to perform physical security related installations and maintenance.
· Conducts periodic staff training on physical security protocols and procedures.
Knowledge, Skills and Abilities:
· Must be detail-oriented
· Demonstrates excellent analytical thinking and stakeholder engagement skills
· Demonstrates excellent interpersonal, verbal, and written communication skills
· Strong organization and planning skills
· Must have experience with using Microsoft Office
· Ability to digest complex documents into easily understandable and actionable information for all levels of the organization
· Ability to work independently in a dynamic fast-paced environment
· Familiarity with information security terminology and concepts
· Familiarity with industry acts, laws, regulations, standards, and best practices is desirable
Training and Experience: