The Security Compliance Analyst’s responsibilities include security system assessments, monitoring and reporting. This position will have a significant role in performing audits, tracking vulnerability assessments, security testing, and working with operations teams on remediation and mitigation of audit findings. The Security Compliance Analyst will work in support of the Security Compliance Manager in handling the assessment and integration of security controls of the entire corporate environment in line with applicable requirements from PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001. This individual will also be responsible for policy assessment of endpoint and network security appliances, hardware and software, enforcing the TaskUs security policies and complying with requirements of internal and external security audits and recommendations.
● Support the management of all enterprise security compliance requirements including PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001. This will include serving as audit liaison, compiling all evidence/documentation requests and reporting on progress of audits to InfoSec and IT leadership.
● Serve as a key administrator for Cloud Access Security Broker policy management.
● Support in the development and implementation of a corporate security & compliance awareness program. Develops training and awareness efforts for employees, contractors and visitors to establish a “culture of security” to prevent or mitigate security incidents. Creates and propagates security awareness and training programs among employees
● Conducts research on emerging practices, services, protocols, and standards in support of system security and compliance enhancement and development efforts.
● Ensures security compliance with applicable regulations and other state and federal laws. Keeps current on US, PH and international laws of operating countries and industry regulations regarding data privacy and security.
● Assist the development and maintenance of security operations procedures and processes, as well as work with the business units outside of InfoSec to formally document policies and procedures.
● Recommends and supports deployment of additional security products and tools, or enhancements to existing tools, to mitigate security risk and detect/remediate compromises.
● Work with security engineers for the optimal configuration of network and host-based security platforms in line with compliance requirements.
● Provide Incident Response support as needed in response to information security related events. In the event of security incident response, participate in the analysis, troubleshooting, and investigation of security-related, information systems anomalies based on security platform reporting, network traffic, log files, host-based and automated security alerts.
● Evaluate systems using vulnerability scanners and manual techniques to verify system security settings and configurations.
● Participate in DRP exercises and continuous improvement processes. Assists in the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
● Performs other duties as assigned.
● Bachelor’s degree in MIS/Computer Science or Business and/or a combination of education and relevant experience.
● In-depth and hands-on experience with at least 2 of the following compliance requirements: PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001.
● A minimum of 3-5 years experience; at least two of those years focused on IT security and/or IT audit.
● An industry recognized information security certification, such as CISA, CISM, CISSP, SSCP ,CCIE or CEH.
● Sound technical writing, documentation, and communication skills are required.
● Functional awareness of both Linux-based and MS Windows-based system platforms with a strong IT technical understanding and aptitude for analytical problem-solving.
● Strong understanding of enterprise, network, system and application level security issues.
● Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks.
● Understanding of the system hardening processes, tools, guidelines and benchmarks.
● Experience with DLP policy and vulnerability management scanning platforms.
● Experience with Cloud Access Security Broker solutions.
● Candidate should have good Project Management skills with the ability to self-start projects.
● Ability to handle sensitive and/or confidential material and information with suitable discretion.
● Excellent interpersonal skills and a professional demeanor.
● Ability to travel up to 40% internationally and domestic.
● BPO contact center experience preferred, but not required.