This job has expired

Great benefits. Competitive pay. We know these are some of the things people look for in a job.

 

But if you’re the kind of person who also cares about making an impact and serving our nation’s wounded warriors and their families, then you’re exactly the kind of person we’re looking for. When you join Wounded Warrior Project, you’re committing to making a difference. We make a commitment to you too – helping you to find that spark, ignite your passion to serve, and embark on a career with meaning and purpose.

At Wounded Warrior Project we recognize our mission cannot be accomplished without our talented teammates, which is why we’re proud to offer benefits such as:

  • A flexible hybrid work schedule (3 days in office, 2 days’ work from home)

  • Full medical, dental and vision coverage for both teammates AND family members

  • Competitive pay and performance incentives

  • A fun, mission-focused and collaborative team environment

 

A mission that matters is just the beginning, so if you’re ready to get started, we’re ready for you.

The Wounded Warrior Project’s Information Security Risk & Compliance Analyst conducts various security compliance initiatives such as risk assessments, security control compliance reviews and third-party risk assessments. This position is responsible for utilizing strong communication, analytical, and troubleshooting abilities to identify and report on controls from various security domains and on control and/or process gaps, and to identify process and technology improvement opportunities to help reduce risks to our information assets.

 

DUTIES & RESPONSIBILITIES

  • Conduct periodic information security risk and compliance assessments.

  • Review, assess, and monitor security compliance programs against security policies, standards, and frameworks such as PCI-DSS, NIST-CSF, SOC 2 II, etc.

  • Support developing remediation plans for issues and risks, coordinate activities with owners, and track remediation to completion.

  • Support the management of documentation such as security policies, standards, processes, procedures.

  • Facilitate periodic user access reviews and access management processes and procedures.

  • Perform vendor security risk assessments.

  • Build and cultivate positive working relationships with stakeholders across various teams.

  • Present findings, track remediation efforts, and report metrics.

  • Assess risks associated with new applications and systems during RFI/RFP processes.

  • Other related duties as assigned.

 

KNOWLEDGE, SKILLS, & ABILITIES

  • Strong attention to detail, unwavering integrity, and strong business ethics.

  • Excellent troubleshooting skills, problem-solving, analytical thinking, and project management.

  • Solve complex problems and implement practical solutions to address gaps and deficiencies identified through various compliance or risk assessments.

  • Communicate effectively both orally and in written formats.

  • Knowledge of IT and security technologies such as Cloud, Active Directory, Single Sign-on, Intrusion Detection, Data Loss Prevention, Identity and Access Management, Endpoint Detection and Response, etc.

  • Ability to work independently to achieve objectives and deliver results.

  • Experience and working knowledge of security standards/frameworks such as PCI-DSS, NIST, SOC 2 II, etc.

 

EXPERIENCE

 

Requirements

  • Minimum of two (2) years of experience performing IT security risk and compliance related tasks such as auditing, compliance reviews and risk assessments.

  • Minimum of two (2) years of experience implementing or testing compliance with common security frameworks and/or regulatory requirements such as NIST-CSF, HIPAA, PCI-DSS, SOC 2 II, etc.

 

Preferences

  • None.

 

EDUCATION

 

Requirements

 

  • Bachelor’s degree in related field or equivalent demonstrated work experience and knowledge required.

 

Preferences

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or other related field preferred.

 

CERTIFICATIONS & LICENSURE

 

Requirements

  • None

 

Preferences

  • Relevant security certifications preferred (e.g., CompTIA - Security+, ISC2 – CISSP, ISACA – CISA, CRISC)

 

WORK ENVIRONMENT/PHYSICAL DEMANDS

  • General office environment; temperature controlled.

  • May require participation in events under varying weather conditions.

  • Up to 5% travel.

 

Wounded Warrior Project® is an equal opportunity employer committed to providing equal employment opportunity to all persons without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, marital status, citizenship, age, veteran or military status, disability, genetic information, or any other characteristic protected by law.

 

Please note:


Wounded Warrior Project is not seeking assistance or accepting unsolicited resumes from search firms without a written search agreement in place. All resumes submitted by search firms to any employee at Wounded Warrior Project via email, the Internet or directly to hiring managers at Wounded Warrior Project in any form without a valid written search agreement in place will be deemed the sole property of Wounded Warrior Project, and no fee will be paid in the event the candidate is hired by Wounded Warrior Project as a result of the referral or through other means.
