Senior Information Security Compliance Analyst

Description

Technology keeps the world moving - It’s no different here at Hot Topic. We are looking to add a Senior Analyst IT Security Compliance who is responsible for implementing and maintaining the information security compliance management framework and program. This position will be part of Information Security and work with IT, business, e-commerce, legal and business units to meet our compliance requirements.

The ideal candidate should have extensive experience in compliance management frameworks and programs, a deep understanding of general information security technologies and best practices, and knowledge of data privacy laws and regulations. This role must collaborate effectively with development, Legal, IT, engineering, and operations counterparts as well as internal and external employees to assess, report, and maintain compliance against applicable security industry standards and regulatory requirements.

This role will be onsite 2 days per week in our City of Industry, CA office.

Pay range is $100,000 - 115,000.

Please note the pay range for this position starts as listed in the job posting, but other factors such as an individual’s education, location, meeting the minimum job requirements for the role, training, and experience, will determine the final salary for potential new hires.

WHAT YOU'LL DO:

Lead and maintain security-related audits (PCI-DSS, SOX ITGC, application controls).

Ensure timely and complete responses to evidence requests and compile management responses and remediation plans as needed.

Conduct regular security audits and assessments to identify vulnerabilities, compliance gaps, and areas of improvement. Implement remediation plans and track progress to address identified issues.

Prepare status report and metrics to business, IT and security leadership on a regular basis.

Develop and deliver cybersecurity awareness programs and training sessions for employees.

Participate in the vendor risk assessment process and provide security risk assessment services and contract reviews to ensure that third parties meet the company’s information security control requirements.

Develop and maintain IT security policy, standards and procedures based on company’s risk appetite, industry best practice guidelines, and regulatory requirements.

Lead incident response efforts, including investigation, containment, recovery, and reporting, and tracking of security incidents.

Advise and train IT process owners on best practices related to information security, cyber risks, IT General Controls, application controls, and remediation of any issues.

Serve as a subject matter export and trust advisor to business units and IT.

WHAT YOU'LL NEED:

A minimum of 5 years of experience in one or more information security roles, including IT security engineer, compliance and cyber risk management, IT Audit, security control process assurance or audit of technology controls.

Demonstrated deep background in risk treatment, controls selection, and information security controls process design.

Demonstrated experience working directly with internal and external auditors to satisfy audit requests, present evidence and provide management responses to findings that are identified during the audit or assessment.

Experience in cloud security controls in different cloud platforms (AWS, Microsoft Azure, GCP, Oracle Cloud).

Experience in web application and mobile application security.

Bachelor’s degree in information security, Management of Information Systems, Computer Science, Cyber Security or related field required. Master’s degree in a related field is an advantage.

Professional security risk management is required such as CISSP, CISM, CISA, CRISC or other similar credentials.