Lead Security Analyst
We are seeking a Lead Security Analyst for a 6-month project in Miramar, FL (between Fort Lauderdale and Miami), that will convert to a permanent opportunity with a leading hospitality company headquartered in South Florida. The right candidate will supervise the evaluation and management of risk involving third party solutions and services.
Responsibilities for the Lead Security Analyst
- Create and manage an automated, auditable, repeatable, and demonstrable program to manage third party risk to RCCL information assets.
- This position assesses the risk of third-party providers, tools, systems, and integrations using structured interview processes, questionnaires, review of third party reports on internal control (such as SOC 1/2 reports) and other information security, compliance, and data protection documentation, as well as red-lines in legal contract reviews.
- Supervise the program intake, assessment, remediation, and risk acceptance processes.
- Collaborate with business sponsors and third parties to initiate, conduct, and close assessments in a timely manner.
- Analyze internal controls and information security, compliance, and data protection programs of third parties to ensure policies and standards are adhered to.
- Ensure potential risks associated with software as a service (SaaS) technologies and interfaces to information are examined thoroughly.
- Ensure Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), General Data Protection Regulation (GDPR), and other regulatory compliance with third-party technologies, services, systems, and integrations.
- Review and assist with negotiations of third-party contracts for information security, compliance, and data protection measures.
- Communicate assessment requirements with business sponsors and third parties related to the third-party selection and onboarding processes to maintain compliance with defined policies and procedures, regulations, and managing risk.
- Interact and collaborate with key personnel in various departments including, but not limited to, Procurement, Information Technology (IT), Legal, Crisis Management, Compliance, and Ethics, Human Resources, Internal Audit, and Global Business Management.
- Participate in established project management office (PMO) protocols to integrate TPRM requirements (initiation, planning, analysis, design, build, test, deploy, closeout, etc.).
MUST HAVE SKILLS for the Lead Security Analyst
- 5 years of work experience in a TPRM role or equivalent.
- 5 years of IT / Information Security Risk experience.
- At least one Information Security certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc. required.
- Demonstrated experience in performing audit / compliance assessments.
- Experience with internal project consulting to provide compliance and security requirements and guidance.
- Significant experience in SOX and PCI-DSS controls.
- Experience reviewing and red-lining legal language specific to information security, compliance, and data protection requirements of both RCCL and external third parties for appropriateness.
- Ability to formulate and communicate exceptions/findings and technical solutions.
- Proven ability to collaborate with technical and business peers.
- Demonstrate a degree of creativity with strong, analytical problem-solving skills.
- Strong with methodologies, tools, best practices and processes related to global TPRM contractual and regulatory requirements.
- High familiarity with ISO27001/2, NIST, FISMA, PCI-DSS, and other industry standards and frameworks.
NICE TO HAVE SKILLS for the Lead Security Analyst
- Experience with Third-Party Trust (TPT) platform and Bitsight/Security Scorecard rating systems
- Bachelor’s in IT / Information Security, Computer Science, or related discipline is preferred. Non-technical degrees with Computer Science fundamentals will be considered when combined with technology experience.
If you are interested in the Lead Security Analyst opportunity, then you can reach out to DA Longhi at email@example.com to discuss the opportunity further.
For a full list of all our available jobs, please visit us at www.arcgonline.com.
American Recruiting & Consulting Group, a national executive recruitment agency, was established in 1982 and has been consistently ranked in multiple issues of Florida Business Journals’ “Top 25 Executive Search and Consulting Firms” for the last 14 years. With hundreds of employees, and multiple locations throughout the country, we have asserted ourselves as a leader in the recruitment, staffing, employment and consulting sectors.
At ARC Group, we focus on helping our clients grow by offering a unique blend of staffing, employment and temp services in the talent acquisition space. Our services include helping you find the best talent for contract, temp to perm, and permanent placement opportunities. We also offer a unique and trademarked research recruitment solution, Recruitment Intelligence™, as well as retained, contingency and consulting services.
We’ve developed a proven 7 stage end-to-end recruitment process to give you unsurpassed quality that most employment and temp staffing agencies do not provide.