IT Security Compliance Administrator - (Remote in Pittsburgh)

About the position Responsibilities

• Serve as an Information Security Consultant to all departments.
• Provide guidance on the confidentiality, integrity, and availability of data.
• Assist other IT functions in identifying, implementing, and maintaining information policies and procedures.
• Respond to client RFPs, RFIs, RAQs, and security audits regarding compliance with client security policies and procedures.
• Provide periodic reports to appropriate personnel, including metrics using various tools.
• Monitor compliance with information security policies and procedures, referring issues to the appropriate department manager.
• Collaborate with various IT teams to understand the requirements for current and new systems such as intrusion detection systems, application security systems, authentication systems, identity management, and access control.
• Lead efforts to provide baseline, periodic, and ongoing information security risk and vulnerability management and penetration testing.
• Monitor policy compliance activities within the IT Department.
• Participate in the development, implementation, and ongoing compliance monitoring of client or business relationships to address data privacy and security concerns, requirements, and responsibilities.
• Maintain current knowledge of applicable data privacy laws (e.g., GDPR, CCPA, etc.) and accreditation standards, and monitor advancements in information technologies to ensure adoption and compliance.
• Manage and perform information security incident response processes and coordinate forensic investigation activities.
• Assess security risk factors in protecting organizational assets and data.
• Identify plans of action to mitigate and address risks.
• Understand administrative, technical, and physical control mechanisms and their role as compensating controls.
• Develop and maintain professional relationships with end users to ensure consistent service delivery, clear communication, and effective support for security initiatives.
• Engage with personnel at all levels of the organization to provide security guidance, address concerns, and promote adherence to policies and best practices.
• Serve on special teams, work groups, project teams, or escalation teams related to various firmwide IT initiatives, including specific one-time events (e.g., research, testing, rollouts, upgrades, installations, and acquisitions/mergers) or ongoing activities.
• Perform all other duties as assigned.

Requirements

• Bachelor's degree in computer science, Information Security, Business or Engineering; or equivalent work experience is required.
• CISA and/or CISSP certification preferred.
• Minimum of three to five years of experience in information systems, including project management experience.
• Extensive understanding of contemporary hardware and software architectures.
• Proven track record in developing security policies and procedures.
• Experience in implementing awareness programs and participating in IT audits.
• Background in applying advanced IT Security concepts.
• Understanding of the legal industry or professional services is preferred but not required. Nice-to-haves
• Cross-function Communication: Ability to communicate security-related concepts effectively to both technical and non-technical staff.
• Collaboration and Teamwork: Skilled in working across departments and with cross-functional teams to support security initiatives.
• Auditing and Risk Mitigation: Proficiency in conducting audits, collecting and analyzing evidence, and implementing risk mitigation strategies.
• Metric Reporting: Ability to track, analyze, and present periodic security metrics to stakeholders for decision-making.
• Security Policy & Best Practices Implementation: Ability to develop, articulate, interpret, and implement security policies, guidance, and best practices across teams to ensure compliance and operational effectiveness.
• Information Systems Management: Proficiency in managing information systems, understanding system terminology, concepts, and best practices.
• Regulatory Compliance Application: Ability to interpret, apply, and ensure adherence to industry program policies, procedures, regulations, and laws in security compliance processes.
• Data Analysis and Evaluation: Skill in collecting, analyzing, and interpreting complex data to evaluate security risks and system performance.
• Audit Planning and Project Management: Expertise in planning and managing information security audits and security-related projects.
• Independent Work and Judgement: Strong decision-making skills, with the ability to exercise independent judgment and discretion in security operations.
• Problem Resolution and Negotiation: Skilled in negotiating issues and effectively resolving problems.
• Technical Proficiency: Proficiency in Microsoft Office Suite and security/compliance tracking tools to document and manage security initiatives.

Benefits

• 401k Plan
• Medical Health Savings Account
• Virtual Health
• Dental
• Vision
• Accident Insurance
• Hospital Indemnity
• Critical Illness Insurance
• Life Insurance
• Short-Term Disability
• Long-Term Disability
• Flexible Spending Accounts
• Lyra Health Employee Assistance Program (EAP)
• Paid Family Leave (for eligible Exempt and Non-Exempt Staff)
• College Savings Plan
• Transportation Benefit
• Back-up Child Care
• College Coach
• Pet Insurance
• Paid Sick Time
• Paid Time Off Apply tot his job Apply To this Job

Apply tot his job Apply To this Job