Security and Compliance Analyst
Company: Wolters Kluwer
Location: Harrisburg
Posted on: April 24, 2024
Job Description:
Security Risk and Compliance Analyst will operate within a
divisional security team reporting to the Director of Information
Security. Analyst will be responsible for risk assessment,
reporting and audit of Customer facing applications supporting the
Tax and Accounting (TAA) and Corporate Performance (CP&ESG)
application portfolio. Primary responsibilities will include
maintaining compliance and assurance against established security
frameworks including SOC2 and ISO27001. Analyst will work on annual
certification requirements and daily IT security tasks. IT Risk
assessment and documentation and assessment of implemented security
policies and standards will be a core focus of this position.
Analyst will perform a wide range of security tasks to monitor and
support the Confidentiality, Integrity, and Availability of
applications.
Candidate will focus on reviewing risk assessment of security
controls, evidence collection, and reviewing IT security of audited
systems. Will also be responsible for internal and external
customer compliance reviews, IT system audits, implementation of
internal team projects, and third-party vendor audits of Tax and
Accounting (TAA) and Corporate Performance (CP&ESG)
applications.
Interaction with external customers and third-party auditors to
perform risk assessments and present evidence will be required.
Essential Duties and responsibilities
Provide coordination and support of activities related to external
and internal compliance audits and security governance across
Wolters Kluwer division. This will include a review of
business-based needs, interaction with auditors, cost
considerations, and coordination of onsite or remote audits. Audit
frameworks could include SOC2, ISO27001, NIST 800-53, and
privacy-related frameworks such as GDPR.
Perform and document annual IT risk assessments related to security
and compliance controls for audited products within the TAA
application portfolio.
Review IT Vulnerability assessments for hardware and software
systems, recommend and track remediation of vulnerability data
across multiple systems.
Work with Tax divisional application owners and application
security owners to document and track Plan of Action and Milestones
(POAM) for specific systems. Review and track the risk register
of findings across the enterprise and work with application owners
to remediate.
Coordinate with Global Corporate IT Operations teams to manage
workload and special project intakes. Ensure that all critical
vendors are assessed annually and adhere to contractual
requirements.
Coordinate and participate in security activities and communicate
effectively across cross-functional teams including Global
Business (GBS), Corporate, Global Security (GIS), Risk Management,
Legal, TAA Enterprise Architecture, and TAA divisional
security.
Participate in Global Information Security maturity assessments
based on NIST 800-53
Other Duties
Assist with the coordination of Risk, Compliance and Privacy
related activities and requests across Wolters Kluwer TAA
businesses. Participate in global GDPR / Data privacy controls
reviews as needed.
Participate in Security Incident Response tabletop, events or
critical incidents as they occur to represent divisional security
team and coordinate with divisional application owners as
required.
Create and manage ServiceNow incident tickets for tasks to be
assigned to WK Operations teams as needed.
Perform custom security or compliance training as part of the
annual security awareness program for TAA employees and contractors
in coordination with Global teams. Create and provide additional
training as needed to meet custom requirements of TAA
businesses.
Job Qualifications
Education:
Experience:
3+ Years of Experience working in an Information Security role or
relevant information security domain knowledge
3+ years of experience working with Compliance auditors and
security frameworks.
Experience with SOC2 / ISO27001 audit frameworks is required.
Understanding of Development methodology (SDLC) and Agile (SAFE) is
preferred.
Cloud security controls and experience within MS Azure or AWS
systems is preferred.
CISSP, SSCP, ISACA, or GIAC security certification is
preferred.
Other Knowledge, Skills, Abilities or Certifications:
Knowledge of audit methodology frameworks, SharePoint
Administration, and audit tracking tools
Strong organizational skills, including ability to manage
timelines, both as an individual and as part of a team.
Excellent oral and written communication and interpersonal
skills
Strong Technology background (Software development, Information
Technology, Vendor Risk Assessment)
Proven track record of working with cross-functional business
leaders to achieve difficult objectives
Ability to perform in complex cross-functional business
environment
Strong problem solving and troubleshooting skills
Team building and leadership skills
Proficient in Microsoft Word, Excel, and SharePoint
Administration
Strong knowledge of ServiceNow platform
Travel requirements
Some travel may be required
EQUAL EMPLOYMENT OPPORTUNITY Wolters Kluwer U. S. Corporation and
all of its subsidiaries, divisions and customer/business units is
an Equal Opportunity / Affirmative Action employer. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
national origin, disability, or protected veteran status.
Keywords: Wolters Kluwer, Harrisburg, Security and Compliance Analyst, Accounting, Auditing, Harrisburg, Pennsylvania