Information Security Compliance Analyst

Osseo, Minnesota

Data Recognition Corporation

DRC is one of the largest educational assessment and curriculum/instruction companies in the industry.





Data Recognition Corporation-Maple Grove, Minnesota

Company cannot provide sponsorship for this role

No agencies, please



Summary:

This position is part of the Data Recognition Corporation (DRC) Information Security Team, which has an important role in defining and enabling the secure operation of the DRC environment. This position is responsible for contributing to various risk and compliance activities, including internal and external security reviews that are key to validating our security program.

This position also assists with other aspects of the security practice, including maintaining DRC's security policies, standards, and procedures; increasing the organization's security awareness; performing risk assessment and risk management activities; and promoting business continuity and resiliency efforts.

This position can be fully remote, hybrid, or located on site in the Maple Grove headquarters building.



Responsibilities:

This position will assist in a wide range of compliance and risk functions, with the focus being on maintaining and enhancing our security and compliance maturity. Responsibilities include:

  • Complete customer and third-party compliance requests and security questionnaires
  • Perform annual audits (third party and customer)
    • ISO Audits for ISO 27001 and 27701
    • FISMA Audits
    • SOC 2 Type 2
    • Various customer audits
  • Conduct internal audits (ISO and NIST) and follow up on action items
  • Policy and standard development and review
  • Manage policy exception processes
  • Manage the security awareness and phishing program
  • Assist in the security risk management program (third party and internal)
  • Assist in Business Continuity/Disaster Recovery efforts and exercises
  • Conduct Business Impact Analyses
  • Update and maintain security and compliance metrics


Essential Qualifications

  • 2+ years of Information Security, GRC, or IT Compliance experience
  • Internal or External Audit or Compliance experience
  • Knowledge or experience in one or more of the following:
    • ISO 27001, 27701
    • NIST 800-53
    • FISMA
    • SSAE/SOC 2
  • Possesses a high level of personal integrity and the ability to discreetly handle sensitive, personal, and classified case information.


Preferred Qualifications

  • College degree or equivalent work experience.
  • Local candidates preferred.
  • Experience with Federal Information Security Management Act (FISMA) leveraging National Institute of Standards and Technology (NIST) security controls (NIST 800-53, rev 4/5).
  • Security certification such as Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC)
  • Experience supporting and participating in third party vendor security assessments and audits, reviewing audit findings as well as responses to security findings and remediation plans.

Reporting to this position: No direct reports

The Employer retains the right to change or assign other duties to this position

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.




Data Recognition Corporation is an Affirmative Action/Equal Opportunity Employer.


Date Posted: 16 June 2024