The Senior Information Security Analyst works with IT, other Information Security team members and managed service providers to protect Spok from a variety of cyber threats. The individual will provide operational support in our Governance, Risk, Compliance and Security programs, working with and reporting to the Director of IT Security.
Essential Duties and Responsibilities include the following. Other duties may be assigned.
- Assist with effective and efficient control design, implementation and testing procedures across the organization to ensure risk levels are within thresholds and limits
- Assist with the assessment, documentation and support of the implementation of IT internal controls as part of on-going compliance efforts (e.g., GDPR, SOX, AICPA SOC 2, ISO 27001, CMMC, etc.)
- Support the implementation of process and control improvement/automation/consolidation opportunities and drive consistently increasing maturity of the overall control environment
- Contribute to defining the organization's maturity levels for specific security objectives.
- Contribute to the continued development of internal security and control awareness in the organization
- Develop routine reports in accordance with governance, risk, and compliance metrics and key performance indicators for executive leadership
- Assist in the development of appropriate information security policies, standards, procedures, plans, and guidelines tailored to meet the requirements of the organization
- Monitor organizational initiatives to ensure adherence to security and compliance requirements
- Assist with required governance, risk, compliance and audit tasks or activities such as assisting with audit evidence collection
- Maintain expertise in identifying security risks in systems and/or processes used by the organization
- Assist with the risk exception process (track exceptions & follow-ups)
- Gather and analyze data to support compliance and risk scenario development activities
- Assist with oversight and execution of enterprise risk and vendor management procedures
- Analyze and assess vendor responses to questionnaires and vendor provided documentation
- Assist in the data privacy review of external vendors and third-party relationships
- Respond to third party assessment questionnaires
- Identify and evaluate the organization's data storage and processing activities
- Monitor data management procedures and compliance
- Establish data usage guidelines to ensure regulatory compliance is incorporated into the early stages of development
- Participate in meetings with senior officials to ensure Privacy by Design at all levels
- Assist with incident response, risk analysis and security assessment processes related to security and privacy
- Other duties as assigned
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and/or Experience:
Associate's degree or equivalent from two-year college or technical school; and seven years related experience and/or training; or equivalent combination of education and experience.