Job Information
Casella Waste Systems IT Security & Compliance Analyst in Rutland, Vermont
This job was posted by https://www.vermontjoblink.com : For more information, please see: https://www.vermontjoblink.com/jobs/1227786
The IT Security & Compliance Analyst position plays an integral role on the Corporate Security team, contributing to the organization's security operations and compliance efforts. This role supports key regulatory and security frameworks, including Sarbanes-Oxley (SOX) and PCI-DSS, by defining, developing, implementing, and managing processes and procedures that adhere to corporate security strategy, policies, controls, and standards. The incumbent plays a pivotal role in ensuring the organization's IT systems and processes are secure and compliant, enabling the company to maintain an effective security and compliance posture. This position requires close collaboration with cross-functional teams to develop and manage workflows, assess risks, and implement solutions that align with regulatory requirements and company standards. This is an exciting opportunity to impact the company's security and compliance efforts while contributing to the success of a multi-state organization that provides essential services to its communities.
Key Responsibilities
While complying with Company Security Strategies and Policy, the individual in the Security & Compliance Analyst role will be self-motivated and manage the following responsibilities and duties:
Security & Compliance - Process & Procedures
- Define, document and lead implementation of compliance & security processes, procedures and workflows. Work with security, compliance IT operations/application leaders to understand and map business requirements to security control and compliance requirements. Incorporate controls to new and/or existing processes/workflows.
- Define, implement, communicate and maintain security & compliance control calendar/tracking dashboard to ensure completion of periodic controls (i.e. weekly, quarterly and annual controls).
- Assist in the selection, implementation and administration of workflow automation tools.
Security Operations
- Define, implement and monitor mechanisms to track and report on the Company Risk Posture that includes active threats and remediation of findings detected through security monitoring tools and audit activities.
- Serve as a liaison between Information Security, IT, and Internal Audit under the direction of the Director.
- Provide oversight & leadership over System Access Request (SAR) process; maintain, improve, and monitor processes to validate that requests are complete, approved by system data owner(s) and routed to appropriate systems administrators for fulfillment.
- Provide oversight & leadership over User Access Review process; maintain, improve, and monitor processes to ensure that user access is appropriately reviewed by system data owner(s), IT system owners and that required changes are accurately executed by IT administrators.
- Participate in incident response activities under the direction of the Director; coordinate response procedures to security incidents to ensure compliance to incident response plan, including appropriate documentation as required to conform to policy and legal guidelines.
- Participate in incident response activities under the direction of the VP, Information Security; coordinate response procedures to security incidents to ensure compliance to incident response plan, including appropriate documentation as required to conform to policy and legal guidelines.
Compliance Operations
- Schedule, track and ensure execution of periodic controls, including but not limited to: vulnerability and penetration scans, data center physical security reviews, data restoration tests.
- Monitor, report on, and coordinate remediation of Moderate and High priority security findings (i.e. items detected via vulnerability testing and monitoring controls).
- Manage Change Request Process; ensure that each step of the change request process is defined, implemented and operating as required by Company Policy, Standards and Controls
- Manage Change Advisory Board process; coordinate regularly scheduled meetings, ensuring participation of key decision makers and subject matter experts. Ensure that security impacts, risks & compliance dependencies are addressed throughout the project and/or change request lifecycle.
- Monitor effectiveness of the Change Request Process and ensure change requests are documented and approved, including the retention of supporting documents such as back out procedures and test results. Coordinate with 3rd party vendors as required.
- Perform weekly and/or monthly review of system change monitoring tools to identify system changes. Validate changes with the IT teams, associate to approved system change requests as applicable and promote validated changes to the system baseline.
- Coordinate/assist ongoing management of assets that include users, hardware and software
Governance & Compliance Support
Define, implement, and monitor mechanisms to organize and main