Arcosa, Inc. is seeking an Information Security Compliance Analyst in our Dallas, TX headquarters. Reporting to the Director of Cyber Security and Compliance, the Information Security Compliance Analyst will assist with the coordination and completion of government, regulatory, and compliance documents for Information Technology. This role will also generate reports and/or metrics that help track compliance issues identified through the Security & Compliance Assessment process.
Arcosa, Inc. (NYSE: ACA) is a growth-oriented manufacturer and producer of infrastructure-related products and services. The company has businesses with leading positions in construction, energy, and transportation markets with annual revenues in excess of $1B.
Responsibilities:
Documenting, implementing, and assessing policies, processes, and procedures
Actively serve as primary point of contact for internal and external audits (e.g. SOX,FFIEC) and provide IT management direction as to how to remediate pertinent action items.
Partner with IT control owners in implementing and validating controls for Access Management, Release
Management, Change Management and Vendor Management processes to ensure compliance with the IT Frameworks
Coordinate with control owners to ensure active management /monitoring of controls occurs throughout the year
Manage IT annual testing for internal and external audits, risk assessments, and regulatory, legal and policy compliance
Assist with the requirements and achievement of appropriate certification programs surrounding information security
Facilitate user access reviews and ensure respective remediation is performed in a timely manner
Advise and partner with IT teams on how to effectively comply with IT standards to proactively mitigate risks
Provide guidance and ensure compliance with any applicable information security standards and regulations for employees, partners, and other third parties
Monitor, track and report status of security tasks and open remediation items
Manage Data Protection Program and ensure access sensitive data is appropriately authorized
Evaluate control effectiveness of internal and external risk assessments
Develops procedures to support security related activities
Manage Third Party Security Management program and ensure third party security risks are monitored
Additional responsibilities as needed
Requirements:
Bachelor's degree in Business Administration, Accounting, Information Systems or related field preferred
5 plus years of experience in IT audit or information security role
Demonstrated experience maintaining and updating policies and procedures
Demonstrated knowledge of information security standards and methodologies with general understanding of security processes, tools and latest technologies
Knowledge of PCI, SOC2, ISO, COBIT, SOX GCC, ITIL, HIPPA, Privacy Acts, and other IT compliance frameworks
CISA or CIA certified candidates preferred
Strong verbal and written communication skills
Ability to work with minimal supervision, balancing a mix of resources, due dates and requirements.
Detail-oriented with strong adaptability and capacity to work in fast-paced environments