Security Compliance Analyst I

Job Locations: US-CA-Irvine
Job ID: 2024-9193

Overview

The Security Compliance Analyst I is responsible for performing risk and compliance tasks and assessments of IT processes and systems. Provides support for information security processes; operates other software to assess vendor security & privacy, provides audit and regulatory support, and produces policy and standards documents. Performs regular access reviews for critical systems. Plays a crucial role in protecting an organization’s information systems by identifying and mitigating potential security risks. Maintains the security and integrity of an organization’s information systems.

 

Hiring Range: $66k - 82k / Year

Responsibilities

ESSENTIAL FUNCTIONS:

  • Assists with the implementation of the corporate information security governance and compliance efforts
    (e.g., NIST, CIS Controls, SSAE16/SOC, HITRUST, etc.)
  • Performs internal security and privacy compliance assessments based upon identified controls.
  • Performs security assessments for third party vendor or partner relationships with the ability to read and
    assess compliance documents such as SOC2 and HITRUST attestations or certifications.
  • Assists in developing and implementing security program governance, compliance frameworks, processes,
    policies, standards, and work instructions.
  • Provides KPIs, metrics and recurring reports to management.
  • Participates in the implementation and continuous improvement of the ESSC Security Program.
  • Participates in Incident Response and Disaster Recovery planning and exercises.
  • Performs regular access reviews for critical business systems.
  • Performs other duties as assigned.

Qualifications

EDUCATION:

  • Security+, CISA, CISSP, CISM or other information security certifications preferred.
  • Bachelor’s degree, typically in Information Technology, Business, or a related field, is preferred.

EXPERIENCE:

  • 2-5 years of experience in Information Security/Compliance.
  • Experience with information security, internal & external audits, contract compliance, and quality
    initiatives.
  • Experience driving compliance-related activities such as SOC2 readiness & audit support.

KNOWLEDGE, SKILLS, ABILITIES:

  • Must pass all drug testing required by ESSC and if required, a post-offer physical evaluation.
  • Ability to obtain and maintain a criminal record/fingerprint clearance from the Department of Justice and
    Federal Bureau of Investigation, per Easterseals of Southern California and/or program requirements.
  • Understanding and application of security best practices, risk management, regulatory, contractual, and
    relevant statutory requirements (HIPAA, CIS Critical Controls, NIST, ISO 27001/2, SOC2).
  • Knowledge of applicable laws and practices relating to information privacy and security.
  • Firm understanding of risk management principles.
  • Demonstrated knowledge of business software and hardware, knowledge of security related applications,
    familiarity with ticketing systems, and strong customer service and organizational skills.
