Client is seeking an experienced InfoSec Compliance Analyst to join the Information Security team. This position will be responsible for understanding and supporting the design of client's organizational, procedural, and technological security controls within the context of the global regulatory frameworks applicable and its suite of affiliated businesses. The position will help implement, automate, document, and maintain controls while supporting and responding to inquiries from internal and external stakeholders and regulators. An ideal InfoSec Compliance Analyst is someone that has a solid understanding of the broad aspects of information security and can apply that knowledge to solve problems. This role requires a broad mix of business and technical acumen coupled with polished communication and a strong desire to learn.

RESPONSIBILITIES

• Perform assessments of security controls and processes to identify gaps and support the implementation of appropriate mitigations.


• Understand technical implementation details necessary to assess security risks and design practical security controls.


• Assist with aligning and codifying controls to show how they are mitigating information security risk.


• Participate in the development and oversight of required corrective action plans relating to security compliance issues.


• Support the identification, implementation, and maintenance of automated technical security controls required by various technical regulatory compliance frameworks.


• Help demonstrate Facebook’s commitment to security within the company and to external parties.


• Identify, research, and evaluate new compliance requirements and present them to the team and business.


• Partner with team members and cross-functional groups to create successful security programs that align with compliance requirements.


• Understand the security needs of internal and external stakeholders, regulators, and auditors. Support business relationships with the internal and external security auditors and regulators.


• Assist with responding to external requests inquiring about Facebook's Information Security program including activities like audit management, evidence gathering, scoping, control walkthroughs, etc.


• Assist with daily technical security activities and functions such as assessing vendor security risks, provisioning and reviewing access, creating and maintaining security reports/dashboards, etc.


• Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls.

MINIMUM QUALIFICATIONS

• 3+ years of experience leading and delivering information security assessments.


• Knowledge of information security concepts and experience applying them at scale.


• Hands on with US Laws.


• Experience performing information security risk assessments and control gap assessments.


• Experience with communication and independently leading projects to completion.


• Experience working with fragmented data to create metrics and insights.


• Experience working with Security Controls across 1 or more domains: Access Management, Encryption, Network Security, Data Security, Configuration Management, Vulnerability Management, Physical Security etc.


• Experience working with leadership and engineers.


• Experience working independently and collaboratively across various levels and teams.

PREFERRED QUALIFICATIONS

• Bachelors in computer science, computer engineering, or business technology


• Security consulting experience or related professional services/consulting background


• Experience with, and strong understanding of, most of the following security compliance frameworks, controls, and best practices: AICPA Trust Principals (SSAE 16 - SOC 2 and 3), ISO 27001/27018, OWASP Top 10, PCI DSS, CIS, NIST CSF, NIST 800-53, NIST 800-30, GDPR, regulations governing personally identifiable information (PII), and other applicable regulatory compliance frameworks


• Familiarity with scripting languages, SQL, PHP, python, and web development


• Certifications in one or more of the following areas: CISSP, CISA, CISM, GISO, GCIH, CIPP


• Strong desire to learn and continuously develop and deepen technical skills