Charter Solutions
Overview
Charter Solutions is currently seeking a Sr. Security Analyst that will be responsible for managing risks, and ensuring compliance with security regulations, which includes developing & enforcing security frameworks, conducting risk assessments, and creating cybersecurity policies. This role also involves monitoring & reporting on compliance, conducting assessment & auditing, and collaborating with stakeholders to align security practices with business objectives & communicating risk status. Responsibilities
Assess and manage contractual and regulatory obligations in accordance with company policies, industry standards, and regulatory requirements (e.g. SOC 2, ISO 27001, NIST CSF, NIST 800-171, CMMC, etc.). Manage security standards, policies, and practices on an annual basis to make sure they meet company demands. Assist the Business in responding to inquiries from customers about Security controls and compliance. Look for improvement and offer insightful advice and value-added guidance on process and control enhancements. Conduct comprehensive risk assessments of third-party vendors, partners, and service providers to evaluate security posture, compliance status, and risk exposure. Collaborate with cross-functional teams, including Legal, IT, and Procurement, to establish risk management strategies for third-party relationships. Maintain processes for third-party security evaluations, onboarding, and ongoing risk monitoring. Manage the lifecycle of third-party risk management, from initial assessment to contract negotiations and continuous monitoring. Work with vendors and internal teams to ensure that appropriate remediation plans are put in place for identified risks. Prepare regular reports on third-party risk and compliance status for senior management and relevant stakeholders. Stay up-to-date with the latest trends and best practices in third-party risk management, cybersecurity, and regulatory compliance. Respond to information security incidents, perform root cause analysis, and lead incidents and problems to resolution. Work with other technical staff to execute information security initiatives and projects. Monitor information security systems for risk events and manage discovered vulnerabilities to acceptable remediations. Qualifications
Bachelor’s degree in Cybersecurity, Information Technology or equivalent subject area 5+ years of experience in information security, risk management, compliance, or related fields. Strong understanding of third-party risk management processes and frameworks. Familiarity with key security & privacy regulations, and risk management frameworks (e.g. CCPA, SOC 2, ISO 27001, NIST, CMMC). Knowledge of compliance regulations and standards. Experience with conducting security assessments, audits, and risk evaluations. Knowledge of security controls, risk mitigation strategies, and vendor management best practices. Excellent communication and interpersonal skills with the ability to convey complex technical information to both technical and non-technical stakeholders. The candidate should be able to “sell” ideas and processes internally at all levels. Strong analytical & problem-solving skills and detail oriented attention to detail-to be able to analyze complex situations, identify root causes, and develop solutions. Ability to work independently, manage multiple projects, and meet deadlines in a fast-paced environment. Effective influencing and negotiation skills in complex environments where resources required for success may not be in direct control of this role. Demonstrated presentation skills and credibility to win support and align the organization. Seniority level
Mid-Senior level Employment type
Contract Job function
Information Technology Industries
IT Services and IT Consulting
#J-18808-Ljbffr
Charter Solutions is currently seeking a Sr. Security Analyst that will be responsible for managing risks, and ensuring compliance with security regulations, which includes developing & enforcing security frameworks, conducting risk assessments, and creating cybersecurity policies. This role also involves monitoring & reporting on compliance, conducting assessment & auditing, and collaborating with stakeholders to align security practices with business objectives & communicating risk status. Responsibilities
Assess and manage contractual and regulatory obligations in accordance with company policies, industry standards, and regulatory requirements (e.g. SOC 2, ISO 27001, NIST CSF, NIST 800-171, CMMC, etc.). Manage security standards, policies, and practices on an annual basis to make sure they meet company demands. Assist the Business in responding to inquiries from customers about Security controls and compliance. Look for improvement and offer insightful advice and value-added guidance on process and control enhancements. Conduct comprehensive risk assessments of third-party vendors, partners, and service providers to evaluate security posture, compliance status, and risk exposure. Collaborate with cross-functional teams, including Legal, IT, and Procurement, to establish risk management strategies for third-party relationships. Maintain processes for third-party security evaluations, onboarding, and ongoing risk monitoring. Manage the lifecycle of third-party risk management, from initial assessment to contract negotiations and continuous monitoring. Work with vendors and internal teams to ensure that appropriate remediation plans are put in place for identified risks. Prepare regular reports on third-party risk and compliance status for senior management and relevant stakeholders. Stay up-to-date with the latest trends and best practices in third-party risk management, cybersecurity, and regulatory compliance. Respond to information security incidents, perform root cause analysis, and lead incidents and problems to resolution. Work with other technical staff to execute information security initiatives and projects. Monitor information security systems for risk events and manage discovered vulnerabilities to acceptable remediations. Qualifications
Bachelor’s degree in Cybersecurity, Information Technology or equivalent subject area 5+ years of experience in information security, risk management, compliance, or related fields. Strong understanding of third-party risk management processes and frameworks. Familiarity with key security & privacy regulations, and risk management frameworks (e.g. CCPA, SOC 2, ISO 27001, NIST, CMMC). Knowledge of compliance regulations and standards. Experience with conducting security assessments, audits, and risk evaluations. Knowledge of security controls, risk mitigation strategies, and vendor management best practices. Excellent communication and interpersonal skills with the ability to convey complex technical information to both technical and non-technical stakeholders. The candidate should be able to “sell” ideas and processes internally at all levels. Strong analytical & problem-solving skills and detail oriented attention to detail-to be able to analyze complex situations, identify root causes, and develop solutions. Ability to work independently, manage multiple projects, and meet deadlines in a fast-paced environment. Effective influencing and negotiation skills in complex environments where resources required for success may not be in direct control of this role. Demonstrated presentation skills and credibility to win support and align the organization. Seniority level
Mid-Senior level Employment type
Contract Job function
Information Technology Industries
IT Services and IT Consulting
#J-18808-Ljbffr