Overview
OVERVIEW OF POSITION:
Under general supervision, assumes responsibility for performing risk and compliance tasks and assessments of IT processes and systems. Provides support for information security processes; uses assessment tooling to evaluate vendor security and privacy; provides audit and regulatory support; and produces policy and standards documents. Performs regular access reviews for critical systems. Plays a crucial role in protecting the organization's information systems by identifying and mitigating potential security risks, and maintains the security and integrity of those systems.
Starting Salary Range: $66k to $82k per year
Responsibilities
ESSENTIAL FUNCTIONS:
- Assists with the implementation of the corporate information security governance and compliance efforts (e.g., NIST, CIS Controls, SSAE16/SOC, HITRUST, etc.)
- Performs internal security and privacy compliance assessments based upon identified controls.
- Performs security assessments of third-party vendor and partner relationships, including reading and evaluating compliance documents such as SOC 2 reports and HITRUST attestations or certifications.
- Assists in developing and implementing security program governance, compliance frameworks, processes, policies, standards, and work instructions.
- Performs other duties as assigned.
- Provides KPIs, metrics and recurring reports to management.
- Participates in the implementation and continuous improvement of the ESSC Security Program.
- Participates in Incident Response and Disaster Recovery planning and exercises.
- Performs regular access reviews for critical business systems.
Qualifications
EDUCATION:
- Security+, CISA, CISSP, CISM or other information security certifications preferred.
- Bachelor's degree, typically in Information Technology, Business, or a related field, preferred.
EXPERIENCE:
- 2 to 5 years of experience in information security or compliance.
- Experience with information security, internal and external audits, contract compliance, and quality initiatives.
- Experience driving compliance-related activities such as SOC 2 readiness and audit support.
KNOWLEDGE, SKILLS, ABILITIES:
- Must pass all drug testing required by ESSC and if required, a post-offer physical evaluation.
- Ability to obtain and maintain a criminal record/fingerprint clearance from the Department of Justice and Federal Bureau of Investigation, per Easterseals of Southern California and/or program requirements.
- Understanding and application of security best practices, risk management, and regulatory, contractual, and statutory requirements (HIPAA, CIS Critical Controls, NIST, ISO 27001/27002, SOC 2).
- Knowledge of applicable laws and practices relating to information privacy and security.
- Firm understanding of risk management principles.
- Demonstrated knowledge of business software and hardware, knowledge of security related applications, familiarity with ticketing systems, and strong customer service and organizational skills.