IT Security & Compliance Analyst - Casella Waste Systems, Inc.
Rutland, VT 05701
About the Job
The IT Security & Compliance Analyst position plays an integral role on the Corporate Security team, contributing to the organization's security operations and compliance efforts. This role supports key regulatory and security frameworks, including Sarbanes-Oxley (SOX) and PCI-DSS, by defining, developing, implementing, and managing processes and procedures that adhere to corporate security strategy, policies, controls, and standards. The incumbent plays a pivotal role in ensuring the organization's IT systems and processes are secure and compliant, enabling the company to maintain an effective security and compliance posture. This position requires close collaboration with cross-functional teams to develop and manage workflows, assess risks, and implement solutions that align with regulatory requirements and company standards. This is an exciting opportunity to impact the company’s security and compliance efforts while contributing to the success of a multi-state organization that provides essential services to its communities.
Key Responsibilities: While complying with Company Security Strategies and Policy, the individual in the Security & Compliance Analyst role will be self-motivated and manage the following responsibilities and duties:
Security & Compliance - Process & Procedures
- Define, document and lead implementation of compliance & security processes, procedures and workflows. Work with security, compliance, IT operations and application leaders to understand business requirements and map them to security control and compliance requirements. Incorporate controls into new and/or existing processes/workflows.
- Define, implement, communicate and maintain a security & compliance control calendar/tracking dashboard to ensure completion of periodic controls (e.g. weekly, quarterly and annual controls).
- Assist in the selection, implementation and administration of workflow automation tools.
Security Operations
- Define, implement and monitor mechanisms to track and report on the Company Risk Posture that includes active threats and remediation of findings detected through security monitoring tools and audit activities.
- Serve as a liaison between Information Security, IT, and Internal Audit under the direction of the Director.
- Provide oversight & leadership over System Access Request (SAR) process; maintain, improve, and monitor processes to validate that requests are complete, approved by system data owner(s) and routed to appropriate systems administrators for fulfillment.
- Provide oversight & leadership over User Access Review process; maintain, improve, and monitor processes to ensure that user access is appropriately reviewed by system data owner(s), IT system owners and that required changes are accurately executed by IT administrators.
- Participate in incident response activities under the direction of the Director; coordinate response procedures to security incidents to ensure compliance to incident response plan, including appropriate documentation as required to conform to policy and legal guidelines.
Compliance Operations
- Schedule, track and ensure execution of periodic controls, including but not limited to: vulnerability and penetration scans, data center physical security reviews, data restoration tests.
- Monitor, report on, and coordinate remediation of Moderate and High priority security findings (e.g. items detected via vulnerability testing and monitoring controls).
- Manage the Change Request Process; ensure that each step of the change request process is defined, implemented and operating as required by Company Policy, Standards and Controls.
- Manage Change Advisory Board process; coordinate regularly scheduled meetings, ensuring participation of key decision makers and subject matter experts. Ensure that security impacts, risks & compliance dependencies are addressed throughout the project and/or change request lifecycle.
- Monitor effectiveness of the Change Request Process and ensure change requests are documented and approved, including the retention of supporting documents such as back out procedures and test results. Coordinate with 3rd party vendors as required.
- Perform weekly and/or monthly review of system change monitoring tools to identify system changes. Validate changes with the IT teams, associate to approved system change requests as applicable and promote validated changes to the system baseline.
- Coordinate and assist with ongoing management of assets, including users, hardware and software.
Governance & Compliance Support
- Define, implement, and monitor mechanisms to organize and retain the information required to evidence to internal and external audit that controls are operating effectively.
- Perform control design & operating effectiveness reviews; ensure that Security Operations & IT Shared Services teams are following established policies & procedures and that controls are operating effectively.
- Serve as primary liaison to coordinate information requests supporting both Internal and External Audit ITGC testing. Track and manage responses to follow-up inquiries, coordinating with IT leadership/SMEs as needed to ensure timely feedback to audit.
The successful candidate will have in-depth knowledge of common information security management frameworks, including NIST SP 800-53, the NIST Cybersecurity Framework, the CIS Critical Security Controls (CIS CSC), PCI-DSS and HIPAA. Ability to create and interpret procedure documents and forms; demonstrated ability to train others on procedures and workflow processes. 5 to 8 years of experience in IT project management, compliance and security operations, and/or development operations support. Professional certification(s) related to Information Security or Information Systems Auditing strongly preferred (e.g. CISA, CISSP). Bachelor's degree in computer science, information technology, or equivalent work experience. Legally eligible to work in the United States.
Attributes: Responsible, deadline-oriented individual who has the ability to see the larger picture while focusing on detailed information and is adept at building and maintaining relationships, developing trust and achieving business results.
Benefits: Medical, Dental, Vision, Life & Disability Insurance, Maternity & Parental Leave, Flexible Spending Accounts, Discounted Stock Program, 401K, Employee Awards, Employee Assistance Plan, Wellness Incentive, Tuition Assistance, Career Pathways, and More.