Position description:

The Information Security Compliance Analyst will be involved in the implementation and improvement of administrative and technical controls of the company's Information Security Management System. This person should understand the risk assessment process to detect new threats, contribute in the action plan development and promote the progress of control implementation and evolution. The position will cover implementations of standards such as SOC2 and ISO27001.

Key accountabilities:

• Contribute with the implementation of the global ISMS (based on ISO27001) over the NAMER region and alignment with the SOC2 framework.
• Evaluate the compliance status of processes and technology implementations and plan actions to align to the security framework. 
• Identify risk related to information security in the technical environment, the relationships with third parties or any component of the company's operations.
• Understand about technical and administrative controls in the different areas: networking, operations, access management, SSDLC, cloud security, end-point protection, physical security, third party risk assessment, organization security and legal compliance.
• Act as a point of contact for third parties questions regarding information security.
• Analyze clients requirements regarding information security and evaluate their accuracy. Follow up the actions needed to comply with those requirements.
• Identify security threats and risks over processes, conducts, technology and context which may affect the information confidentiality, integrity or availability.. 
• Assist in the definition and construction of security measures to lower the risks identified.
• Solve low complex issues independently with minimum supervision and escalate more complex issues to accurate staff.
• Contribute in the development of awareness material and the process of delivery and measurement.
• Perform routine activities to ensure compliance with security frameworks and legislation.
• Investigate on technologies that could improve the security baseline and the compliance (e.g. DLP, end-point protection, network security, security and vulnerabilities assessment).

Minimum Qualifications:

• Bachelor's degree in Computer Science, Computer or Systems Engineering or equivalent.
• Minimum of 3 years of experience in related positions.
• Solid knowledge of security on networking, cloud, infrastructure configuration, end-point protection and SSDLC.
• Knowledge of the standard ISO 27001/2.
• Knowledge of the SOC2 framework

Qualities:

• Excellent communication and social skills.
• Ability to confidently present findings to those with either a technical or non-technical background.
• Self-directed, resourceful, and a critical thinker with attention-to-detail and proactive problem-solving skills.
• Ability to self-organize and plan activities with commitment towards results.
• Ready to learn new contents both from others or self-learned.
• Passionate about self-improvement and suggesting improvements to processes or activities.

Preferred Qualifications:

• +1 year of experience in Security Risk Management, Information Security, Security controls or Security/IT Audit
• Information Security Certification (e.g. CISSP, Comptia Sec, CISM, CRISC, etc)
• ISO27001 Lead Implementer/Auditor

What we offer:

• Competitive salary

• Full coverage health insurance including Medical, Dental, and Vision

• 401K with Company contribution

• Flexible vacation time

• Paid Parental Leave after 1 year of service • Cell phone plan