IT Security Compliance Administrator - (Remote in Pittsburgh)
About the position Responsibilities
- Serve as an Information Security Consultant to all departments.
- Provide guidance on the confidentiality, integrity, and availability of data.
- Assist other IT functions in identifying, implementing, and maintaining information policies and procedures.
- Respond to client RFPs, RFIs, RAQs, and security audits regarding compliance with client security policies and procedures.
- Provide periodic reports to appropriate personnel, including metrics using various tools.
- Monitor compliance with information security policies and procedures, referring issues to the appropriate department manager.
- Collaborate with various IT teams to understand the requirements for current and new systems such as intrusion detection systems, application security systems, authentication systems, identity management, and access control.
- Lead efforts to provide baseline, periodic, and ongoing information security risk and vulnerability management and penetration testing.
- Monitor policy compliance activities within the IT Department.
- Participate in the development, implementation, and ongoing compliance monitoring of client or business relationships to address data privacy and security concerns, requirements, and responsibilities.
- Maintain current knowledge of applicable data privacy laws (e.g., GDPR, CCPA, etc.) and accreditation standards, and monitor advancements in information technologies to ensure adoption and compliance.
- Manage and perform information security incident response processes and coordinate forensic investigation activities.
- Assess security risk factors in protecting organizational assets and data.
- Identify plans of action to mitigate and address risks.
- Understand administrative, technical, and physical control mechanisms and their role as compensating controls.
- Develop and maintain professional relationships with end users to ensure consistent service delivery, clear communication, and effective support for security initiatives.
- Engage with personnel at all levels of the organization to provide security guidance, address concerns, and promote adherence to policies and best practices.
- Serve on special teams, work groups, project teams, or escalation teams related to various firmwide IT initiatives, including specific one-time events (e.g., research, testing, rollouts, upgrades, installations, and acquisitions/mergers) or ongoing activities.
- Perform all other duties as assigned.
Requirements
- Bachelor's degree in computer science, Information Security, Business or Engineering; or equivalent work experience is required.
- CISA and/or CISSP certification preferred.
- Minimum of three to five years of experience in information systems, including project management experience.
- Extensive understanding of contemporary hardware and software architectures.
- Proven track record in developing security policies and procedures.
- Experience in implementing awareness programs and participating in IT audits.
- Background in applying advanced IT Security concepts.
- Understanding of the legal industry or professional services is preferred but not required. Nice-to-haves
- Cross-function Communication: Ability to communicate security-related concepts effectively to both technical and non-technical staff.
- Collaboration and Teamwork: Skilled in working across departments and with cross-functional teams to support security initiatives.
- Auditing and Risk Mitigation: Proficiency in conducting audits, collecting and analyzing evidence, and implementing risk mitigation strategies.
- Metric Reporting: Ability to track, analyze, and present periodic security metrics to stakeholders for decision-making.
- Security Policy & Best Practices Implementation: Ability to develop, articulate, interpret, and implement security policies, guidance, and best practices across teams to ensure compliance and operational effectiveness.
- Information Systems Management: Proficiency in managing information systems, understanding system terminology, concepts, and best practices.
- Regulatory Compliance Application: Ability to interpret, apply, and ensure adherence to industry program policies, procedures, regulations, and laws in security compliance processes.
- Data Analysis and Evaluation: Skill in collecting, analyzing, and interpreting complex data to evaluate security risks and system performance.
- Audit Planning and Project Management: Expertise in planning and managing information security audits and security-related projects.
- Independent Work and Judgement: Strong decision-making skills, with the ability to exercise independent judgment and discretion in security operations.
- Problem Resolution and Negotiation: Skilled in negotiating issues and effectively resolving problems.
- Technical Proficiency: Proficiency in arenaflex Office Suite and security/compliance tracking tools to document and manage security initiatives.
Benefits
- 401k Plan
- Medical Health Savings Account
- Virtual Health
- Dental
- Vision
- Accident Insurance
- Hospital Indemnity
- Critical Illness Insurance
- Life Insurance
- Short-Term Disability
- Long-Term Disability
- Flexible Spending Accounts
- Lyra Health Employee Assistance Program (EAP)
- Paid Family Leave (for eligible Exempt and Non-Exempt Staff)
- College Savings Plan
- Transportation Benefit
- Back-up Child Care
- College Coach
- Pet Insurance
- Paid Sick Time
- Paid Time Off Apply tot his job Apply tot his job
Apply tot his job Apply To this Job