DataScan Information Security & Compliance Analyst in Deerfield Beach, Florida


Information Security, an integral component of the Legal and Compliance department, is responsible for the overall security measures to protect the confidentiality, integrity and availability of World Omni systems and information assets. Functioning as a 2nd Line of Defense, it accomplishes this via various methodologies such as vendor oversight, risk assessments, key risk indicators, provider attestations and scorecards, as well as associate/user awareness initiatives.

This individual will be responsible for administration of the information security program, governance, oversight and recommendations of technology security controls, and risk and compliance management activities. The largest volume of activities for this role will be technical, with compliance/risk-related work as a secondary responsibility. This role will provide engineering advisement, plan and organize information security risk assessments of customers and vendors, and respond to 3rd party information security risk assessments. The selected candidate must have a solid understanding of technical security controls, and ideally will have a technology security architecture background.

  • Participates in projects ensuring alignment to information security policy and standards.

  • Track and monitor the detection and remediation of security vulnerabilities within applications, hosts and infrastructure.

  • Perform cyber threat modeling and provide recommendations for technology security controls.

  • Guides the management of technology risk, security and compliance standards, policies and procedural documentation.

  • Partners with IT, Business Compliance, Legal and HR representatives to ensure that all technology information security, risk and compliance controls adequately meet business compliance requirements.

  • Works closely with the JM Family Compliance team and other 3rd party auditors to manage, mitigate, and swiftly respond to any audit findings that require action.

  • Responsible for working with Technical Engineers, Vendors, SMEs, Project Managers, and Business Analysts to provide input into technical and functional compliance requirements if necessary.

  • Advises and provides awareness and training in the subjects of information security, risk and compliance best practices.

  • Creates and facilitates risk tracking and mitigation reports and metrics to help guide strategic information security needs.

  • Responsible for driving compliance to JM Family identified security frameworks and practices.

  • Partner with the business in support of customer related security and compliance activities including presentations to business customers several times per year.

  • Ensure compliance related activity documentation is maintained throughout the year.

  • Lead SSAE16 Audit activities, coordination and collection of evidence

  • Minimum 3 - 5 years professional experience in the fields of information security engineering, risk management, audit and compliance

  • Bachelor's degree or higher required

  • CISSP certification preferred

  • Strong background in designing, operating and conducting assessments of information security controls

  • Knowledgeable in secure software design and SDLC

  • Value-add is the ability to work with a security service provider to understand, review and coordinate information security deliverables.

  • Experience with audit, compliance and regulatory requirements (e.g., SSAE16, PCI-DSS, HIPAA, GLBA)

  • Knowledge of at least two security controls frameworks (NIST, ISO, CObIT, CSF, CSA, etc.)

  • Professional demeanor and ability to work effectively with all levels of management with excellent verbal and written communication, organizational, and interpersonal skills

  • Proven ability to manage projects to successful completion

  • Ability to create and maintain project plans, schedules, and metrics and progress reports/presentations.

  • Ability to work effectively with technical and non-technical personnel in a cross-functional setting.

  • Ability to relate security principles and processes to business and organizational value.

  • Ability to prioritize and execute tasks in a high-pressure environment.

  • Experience working in a team-oriented, collaborative environment.

  • Ability to travel.

Requisition Number: 16-0242

Post Date: 8/26/2016

Title: Information Security & Compliance Analyst

Alternate Location: World Omni Financial Corp.

Location: FL - Deerfield Beach