IT Security Analyst - Scottsdale, AZ

Scottsdale, AZ
Atrilogy Solutions Group’s direct client is searching for an IT Security Compliance Analyst to join their team in a permanent position.

The Information Technology Security Compliance Analyst is a technical and analytical position within our client’s IT Security Team focused primarily on issues in Governance, Risk & Compliance (GRC), which include risk management, vendor management, compliance management, security awareness, and risk & vulnerability assessments. A successful applicant will be technical in nature with a high aptitude for both written and verbal communication.

The Security Compliance Analyst position will provide timely and quality service to ensure policy, standards, and configurations are adequately maintained, communicated, and compliant with internal and external policies or regulations. This position is responsible for managing, developing, maintaining, and communicating company security policies, standards, and configurations in accordance with industry standards and best practices.

The Security Compliance Analyst is expected to have experience with and knowledge of industry-standard tools used to perform their functions, such as but not limited to: GRC systems, vulnerability and patch management, third-party management applications, and IT Service Management systems. Additionally, the Security Compliance Analyst is expected to have experience with security and risk frameworks.


Responsibilities and duties
  • Develop security policies and processes in conjunction with the IT Security manager.
  • Serve as primary subject matter expert on the GRC application, i.e., ServiceNow GRC.
  • Assist/participate/lead in formal risk assessment processes for all departmental and enterprise systems and work closely with system owners to align risks identified with established risk tolerances.
  • In conjunction with internal and external audit partners, provide governance for the identification, audit, validation, and remediation of information technology controls required for SOX, PII, CIS 18 Security Control Framework and any other applicable regulatory compliance frameworks.
  • Facilitate the coordination, tracking, and automation of all IT and security audits.
  • Conduct and track information security assessments of third-party vendors to determine their ability to protect data.
  • Work with business to coordinate remediation efforts on issues identified during vendor due diligence reviews.
  • Participate in projects and assessments to establish risk determination and remediation.
  • Develop and maintain an IT Security risk register.
  • Using industry best practices, utilize technology-based tools to validate that controls are in place as established.
  • Lead the development, update and compliance of corporate information security policies, guidelines, and standards.
  • Work with technical teams to ensure baseline configurations are kept current and configurations for new technologies are designed and built prior to integration into the company environment
  • Develop the comprehensive information security awareness program and run year-round campaigns. Create communications on behalf of IT Security for awareness activities, initiatives, or other required security announcements.
  • Maintain security and compliance metrics that are meaningful and actionable for all levels of management. Metrics should establish baselines, highlight progress, and drive behaviors.
  • Coordinate with internal and external audit and compliance groups on improvement of information technology controls
  • Analyze, evaluate, prioritize, and process results from security penetration tests or assessments.
  • Work with business, technical, and other stakeholders to drive Information Security projects with a risk-based service delivery view
  • Anticipate, research, and understand industry and regulatory compliance trends, serving as an expert on Information Security GRC capabilities and best practices, including analysis and documentation of best practices
  • Coordinate program elements in a fast-paced environment using iterative techniques
  • Additional duties as assigned

Qualifications
  • Bachelor's degree in Computer Science, Information Systems, Information Security, or related field
  • Industry relevant certifications such as CISA, CISSP, CRISC
  • 3+ years' experience in Information Technology Security role, preferably in compliance, audit, and/or control role.
  • 2+ years in information technology role such as systems engineer, software development, or network engineer.

Essential
  • Strong understanding of CIS 18 controls and benchmarks
  • Strong understanding of SOX compliance & controls
  • Strong written and verbal communications
  • Strong problem determination and resolution skills.
  • Ability to develop and maintain collaborative relationships with peers and colleagues across the organization, as well as internal and external clients

Preferred
  • Demonstrated experience with ServiceNow GRC, or other industry GRC systems.
  • Strong understanding of OWASP Top 10 vulnerabilities and mitigations.
  • Experience with security tools and systems, including M365 Defender suite, vulnerability management, network defenses, and related APIs
  • Scripting language experience such as Python, PowerShell, or Bash a plus.
  • Security implementation project experience to include security automations, audit, vulnerability management, application security, etc.
  • Experience conducting reviews of Secure SDLC/SecDevOps practices and Database Auditing preferred.
 

 

For immediate consideration please submit your resume in Word format, along with daytime contact information.  LOCAL CANDIDATES ONLY PLEASE unless you are willing to relocate yourself at your own expense.  Client is unable to provide H-1B Visa sponsorship at this time. All submittals will be treated confidentially.  Selected candidate may be asked to complete a comprehensive background, credit and/or drug screening.  Principals only, no third parties please.
 

 
Atrilogy Solutions Group, Inc. (est. 2000), in partnership with Peak17 Consulting (est. 2008), provides organizations of all sizes with high-quality, cost-effective information technology (IT) staffing services.
 
Atrilogy has been recognized by Inc. magazine as one of the nation’s fastest-growing, privately held companies. Headquartered in Irvine, California, Atrilogy also has offices in Denver, Phoenix, & Atlanta with satellite offices in Boston, Jersey City, Las Vegas, and Delhi, India.
 
Clients turn to Atrilogy for expertise in:
 
  • IT staffing and placement such as Project Managers, Agile/Scrum Masters, Business Analysts, DBAs, Software Engineers, Mobile Developers (iOS, Android), DevOps, Automation, QA, Systems & Network Engineers, Cyber Security / Information Security Specialists, ERP, CRM, Business Intelligence, Data Warehousing, Big Data and Creative (UI/UX, Web Design)
 
 Clients turn to Peak17 for expertise in:
 
  • Operational staffing and placement of Accounting/Finance, Human Resources, and Marketing professionals, as well as Information Technology resources.

Atrilogy Solutions Group and Peak17 Consulting are Equal Opportunity Employers. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
     
     