SHR Talent is currently seeking an Information Assurance Compliance Analyst for a client located in the Nashville area. This is a contract-to-hire position. The Information Assurance Compliance Analyst works closely with internal stakeholders to ensure security and privacy controls meet contractual requirements. This role is dedicated to information assurance and information security programs, projects and initiatives. The selected candidate will provide functional guidance and coordination for identifying, measuring, and documenting compliance with defined policies and regulatory frameworks. Knowledge of FedRAMP and/or the NIST Risk Management Framework is desired.
Essential Job Functions (includes but is not limited to):
- Coordinate with all compliance stakeholders, including systems and software engineering, operations, all levels of management, and customers
- Foster information security and data privacy throughout the contract lifecycle
- Generate status reports for management and customers
- Facilitate, lead, and participate in meetings, as appropriate
- Document security and privacy controls and related plans and processes
- Test and document compliance with requirements, and gaps in compliance
- Maintain system- and department-level policies and standard operating procedures
- Facilitate, support, and coordinate remediation activities, as appropriate
- Conduct ongoing compliance reviews and evidence production in support of continuous monitoring and ongoing authorization requirements
- Facilitate internal and external audits of information systems and related business processes
- Note: In addition to the Essential Functions, also performs similar work-related duties as assigned.
Knowledge, Skills and Abilities:
- Confidence to enforce policy and drive accountability related to compliance requirements
- Experience with security compliance frameworks, including assessment, analysis, tracking, and remediation
- Knowledge of other industry and/or government frameworks is a plus (e.g. HIPAA, ISO 27000)
- Direct experience with NIST RMF and NIST guidance, including FIPS and Special Publications, is desired
- Knowledge of PCI-DSS is desired
- Foundational knowledge of data networking, DevOps, and/or AWS is desired.
- Must have excellent written and verbal communication skills, requiring working knowledge of Microsoft Word, Excel, PowerPoint, and Visio.
Qualifications, Education and Experience:
- Bachelor’s Degree or equivalent work experience
- Minimum of two years of IT compliance experience, with direct experience in information security or IT auditing
- Experience with Audits or Assessments
- Certifications such as CISSP, CISA, CIPP, etc. desired
Travel Requirement, Working Conditions and Physical Demands:
- Travel Requirement: Ability to travel locally for activities such as meetings, classes, and workshops. Must be able to travel occasionally by air as needed to attend training, conferences, and related activities. Occasional overnight travel as required; should not exceed 10% of the time.
- Working Conditions: General office environment. The work area is adequately lighted, heated, and ventilated.
- Physical Demands: Office environment where the employee may sit comfortably to do the work. Some walking, standing, bending, reaching, and carrying of light items such as papers, books, small parts; driving an automobile, etc. Requires eye-hand coordination and manual dexterity sufficient to operate a keyboard, photocopier, telephone, and other office equipment.