Job details
Salary: $79,000 - $105,000 a year
Job type: Full-time
Benefits pulled from the full job description
Dental insurance, disability insurance, flexible spending account, health insurance, health savings account, life insurance
Full job description
The Information Security Risk & Compliance Analyst is responsible for performing all functions required to support day-to-day security compliance operations to enable the organization to continually demonstrate compliance with SOX, PCI-DSS, SSAE-18 SOC2, HIPAA, HITRUST, ISO 27001/27002 and NIST SP800-53. This position reports into the IT security and compliance department.
Duties and responsibilities
Conduct and clearly document practical risk assessments and make recommendations for new and/or changes to existing controls to mitigate identified risks
Collaborate with internal control owners to:
Develop new controls to effectively mitigate newly identified risks
Ensure established controls are operating effectively to mitigate intended risks
Collect operational effectiveness evidence on a periodic and ongoing basis
Establish and track remediation plans for identified control deficiencies
Support audit processes by providing evidence of control configurations and operational effectiveness to internal and external audit teams
Create and continually measure key risk indicators related to ongoing compliance activities and organizational requirements
Assist in responding to inbound RFP/RFI/vendor risk assessments from existing and prospective customers
Assist in reviewing responses to outbound vendor risk assessments and tracking of identified deficiencies
Contribute to policy and procedure development to assure continued alignment with organizational compliance requirements and best practices
Maintain domain expertise through continued research, education and learning on relevant compliance requirements and techniques
Qualifications
At least 3-5 years of general IT experience with a minimum of 2 years in an information risk and compliance role
Understanding of SOX, PCI-DSS, SSAE-18 SOC2, HIPAA, HITRUST, ISO 27001/27002 and NIST SP800-53 control frameworks
Experience developing and implementing governance, risk and compliance processes and tools
Technical knowledge of public and private cloud architectures and technologies in support of delivery of SaaS platforms to customers
A degree in business, computer science or equivalent combination of education and relevant experience
Exceptional communication skills to communicate technical topics to non-technical audiences and vice-versa
CISSP, GSEC, GSNA, CRISC, CISA or other related certifications a plus
Ability to travel approximately 2-3 weeks/year
Additional details
This position does not require hands-on expert-level technical skills; however, it does require technical fluency across virtually all IT domains and technologies. Candidates must be able to understand the relationships between IT systems, architectures, applications and operational concepts. Additionally, candidates must be able to clearly communicate these topics to both subject matter experts and less technical audiences in risk-based terms.
The base pay range represents the anticipated low and high end of the pay range for this position. Actual pay rates will vary and will be based on various factors, such as your qualifications, skills, competencies, and proficiency for the role. Base pay is one component of WEX's total compensation package. Most sales positions are eligible for commission under the terms of an applicable plan. Non-sales roles are typically eligible for a quarterly or annual bonus based on their role and applicable plan. WEX's comprehensive and market competitive benefits are designed to support your personal and professional well-being. Benefits include health, dental and vision insurances, retirement savings plan, paid time off, health savings account, flexible spending accounts, life insurance, disability insurance, tuition reimbursement, and more. For more information, check out the "About Us" section.
Salary pay range: $79,000.00 - $105,000.00
Hiring insights
Job activity
Posted 30+ days ago