Cloud Compliance Analyst

CSG

19719 Cloud Compliance Analyst (Open)

Position Type:

Full time

Location(s):

US.NE.Omaha.Campus, US.CO.Remote, US.FL.Remote, US.IL.Remote, US.NC.Remote, US.NE.Remote, US.PA.Remote, US.TX.Remote

Position Pay Range:

This range represents the low and high end of the salary range for this position. Actual salaries will vary based on factors including but not limited to geographical location and experience.

$62,417.00-$99,867.00

Summary:

The Cloud Compliance Analyst supports the implementation and administration of information security policies, practices, procedures, and technologies, ensuring the protection of networks, systems, applications, and data. This role is looked to as a cloud compliance expert within the organization, ensuring compliance with all security policies, standards, and industry-accepted best practices relating to cloud (AWS and Azure), as well as with industry regulations and laws.  The Cloud Compliance Analyst provides specialist insight and support during audit, assessment, and certification activities including ISO, PCI, and HIPAA.  This role will also be involved with day-to-day security operations by responding to security events of interest and recommending corrective action by working with IT and non-IT team members.

Position Details:

Work with multiple stakeholders to understand and meet Cloud Security Governance, Risk, and Compliance requirements, including but not limited to compliance with organizational policies and standards, remediation of technical security findings, and producing necessary security certification documentation and evidence.

Participate in Cloud Center of Excellence and Cloud Community of Practice forums, advising technology, engineering, development, management, and senior leadership of changes in Cloud Security, especially with regard to Governance, Risk, and compliance equities.

Participate in Cloud Engineering and Architecture discussions, including participation in Well-Architected Reviews, representing Governance, Risk, and Compliance considerations.

Working with other Security organization members, develop and promulgate organizational security policies and standards that codify external security regulations and requirements as well as internally defined practices such as CSG’s Cloud Usage Framework.

Support Mergers & Acquisition activities by supporting Cloud Security Assessments and other Due Diligence as necessary.

Respond to prospect, customer/client security questionnaires as a Cloud Compliance subject matter expert.

Participate in the organization's incident response plan and perform incident reporting on an as-needed basis.

Must be able to work outside normal business hours when needed to perform diagnosis and/or implementation of product releases or changes so that normal business workflow is not interrupted.

Regular and reliable attendance is required.

This job requires domestic and/or international travel up to 5%. 

Incumbent is accountable for professional working behavior to include building and maintaining constructive working relationships, implementing proactive and concise communication, acting as a resource to colleagues, and engaging in collaborative thinking and problem solving while demonstrating CSG’s core competencies and values.

NOTE:  The purpose of this job description is to describe the general nature and level of work performed and it is not intended to be all-inclusive.  An employee may perform duties outside of their normal responsibilities as needed.

Typical Interactions/Relationships   

External – Company clients, Security and service vendors, Security providers and consultants, regulatory auditors

Internal – Internal Audit, Compliance, Operations, Architecture and business units

Work Environment

  • Standard office environment
  • Occasional work in data centers and varied travel locations. 

Education

  • College degree: Computer Science, Information Security, related field, or equivalent experience

Experience

  • Experience with AWS and Azure cloud security compliance
  • Experience with technical cloud compliance tools and technology, including but not limited to:  Checkpoint CloudGuard (formerly Dome9), Palo Alto Prisma Cloud (formerly Redlock, formerly Evident.IO), ScoutSuite, Cloudsplaining, etc.
  • Experience performing vulnerability scanning and penetration testing both at an application and network layer
  • Experience maintaining information security technologies, such as: IDS/IPS, malware prevention, database activity monitoring, secure password repository, multi-factor authentication, SIEM, SPAM prevention, web content filtering, IdM/IAM, encryption and encryption key management, DLP, change detection, and vulnerability scanners

Preferred 

  • Qualified and successful candidates will have at least 3 years of experience working extensively within AWS and Azure compliance

Knowledge, Skills and Abilities

  • Knowledge of public cloud providers, with an in-depth understanding of public cloud security compliance.
  • In-depth knowledge of TCP/IP: must be able to demonstrate technical understanding of all layers of the TCP/IP stack, including familiarity with major application-layer protocols such as HTTP, HTTPS, FTP, SFTP, FTPS, SMTP, DNS, etc.; must be able to read and understand a packet trace; must be able to read and interpret network access control lists
  • In-depth understanding of a variety of network and application attacks: examples include DoS/DDoS, buffer overflows, SQL injection, reconnaissance scanning, and evasive methods attackers use to avoid detection; must be able to demonstrate a minimum level of familiarity with well-known vulnerabilities and exploits
  • Working knowledge of IT security, compliance, and regulatory requirements, such as: Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), Healthcare Information Privacy Protection Act (HIPAA), state and Federal privacy laws

Preferred

  • Certified Information Systems Security Professional (CISSP) certification highly preferred
  • Penetration testing/ethical hacking certification(s) preferred

Benefits:

CSG is proud to offer employee-focused benefits that are robust in design and support a wide spectrum of employee well-being needs. Included in our benefits package is your choice of 3 medical plans administered by United HealthCare, MetLife dental, and vision coverage. CSG also offers an Incentive Savings Plan (401k), serviced by Fidelity Investments. CSG makes a dollar-for-dollar Matching Contribution based on the first 5.5% of your eligible pay you contribute as Pre-Tax or Roth After-Tax Contributions. All contributions are immediately 100% vested. At CSG, we recognize the ability to take time away to recharge is important. We offer a US Tiered Vacation Plan for non-exempt (hourly) roles, and a Flexible Vacation plan for all exempt (salaried) employees. For more benefit details, please view: http://viewer.zmags.com/publication/8c5c80bd.

This role is eligible for a bonus opportunity.

Job ID: 7997

Posted about 2 months ago
