IT Security/compliance Analyst

**ABOUT THE ROLE**

A-LIGN's IT (Information Technology) department is seeking an Information Security Analyst to join their innovative team. In this role, you will be responsible for coordinating, planning, and organizing information security activities throughout the organization. You will help in defining and executing security plans to maintain an effective security posture while safeguarding A-LIGN's information technology assets and ensuring alignment with relevant compliance framework and assisting the internal compliance team with maintaining the right controls to maintain accreditation for specific governing bodies A-LIGN must comply with. We are looking for a security professional that has significant experience in all phases of security assessment. You will perform internal auditing of a full range of information security controls to help maintain compliance with both internal and external security requirements.

**RESPONSIBILITIES**
- Analyze and respond to alerts assigned by our MDR (Managed Detection & Response) SOC (Security Operations Center)
- Work with IT teams to resolve alerts.
- Improve our Security Score in M365 utilizing Microsoft 365 Defender and other M365 E5 tools.
- Ensure device compliance and work with other IT teams to mitigate findings.
- Assist in developing or enhancing Information security policies, plans, and procedures.
- Review & assess requests for new software.
- Work with Legal and Compliance teams to perform security risk assessments on new vendors.
- Develop and implement security policies, procedures, standards, and guidelines that are compliant with regulations and industry standards.
- Work with internal compliance team to oversee internal controls to maintain accreditation with governing bodies such as ANAB, A2LA, UKAS, AICPA and others for A-LIGN to perform its services
- Work with legal and compliance to maintain, test, and document incident response plans and protocols.
- Plan, drive and manage annual BC (Business Continuity) and DR (Disaster Recovery) testing.
- Work with other IT teams to perform upgrades to existing software and install new software as required.
- Duties, responsibilities, and activities may change, or new ones may be assigned at any time based on business needs.

**MINIMUM QUALIFICATIONS**

**EDUCATION**

Bachelor's degree in IT Security, in a related field, or equivalent experience

**EXPERIENCE**
- Technical expertise in two or more of the following: IDS/IPS, web proxy, SEIM (Sentinel), forensics, automation technologies, vulnerability scanning, configuration monitoring, Microsoft 365 Defender, and/or endpoint detection response
- At least 5 years of relevant experience with NIST Special Publications 800-37, 800-39, 800-53/53A and 800-171, SSAE 16/SOC2.
- Background with privacy regulations and laws to include HIPAA, FERPA, GDPR, and CPRA (or other state-level data protection and privacy laws) Preferred but not required.

**SKILLS**
- Excellent written and verbal communication skills
- Ability to adapt to changing standards and expectations
- Ability to work in a fast-paced environment
- Ability to work individually as well as part of a team
- Ability to meet tight deadlines
- Ability to communicate with all levels of employees
- A high degree of motivation

**BENEFITS**
- Employer Paid Health, Vision, Dental
- 401 (K) Plan with Employer Matching
- Competitive Bonus Structure
- Employer Paid Life Insurance and Disability Insurance
- Generous Paid Time Off Plan
- Vacation Bonus
- Paid Office Closure December 24-January 1
- Paid Holidays Schedule
- Certification Reimbursement
- Flu Shot Reimbursement

**ABOUT A-LIGN**

**COME WORK FOR A-LIGN**

A-LIGN is an Equal Opportunity Employer Minorities, women, disabled, and veterans encouraged to apply