IT Security Compliance Administrator – (Remote in Pittsburgh)
About the position
Responsibilities
• Serve as an Information Security Consultant to all departments. • Provide guidance on the confidentiality, integrity, and availability of data. • Assist other IT functions in identifying, implementing, and maintaining information policies and procedures. • Respond to client RFPs, RFIs, RAQs, and security audits regarding compliance with client security policies and procedures. • Provide periodic reports to appropriate personnel, including metrics using various tools.
• Monitor compliance with information security policies and procedures, referring issues to the appropriate department manager. • Collaborate with various IT teams to understand the requirements for current and new systems such as intrusion detection systems, application security systems, authentication systems, identity management, and access control. • Lead efforts to provide baseline, periodic, and ongoing information security risk and vulnerability management and penetration testing. • Monitor policy compliance activities within the IT Department.
• Participate in the development, implementation, and ongoing compliance monitoring of client or business relationships to address data privacy and security concerns, requirements, and responsibilities. • Maintain current knowledge of applicable data privacy laws (e.g., GDPR, CCPA, etc.) and accreditation standards, and monitor advancements in information technologies to ensure adoption and compliance. • Manage and perform information security incident response processes and coordinate forensic investigation activities.
• Assess security risk factors in protecting organizational assets and data. • Identify plans of action to mitigate and address risks. • Understand administrative, technical, and physical control mechanisms and their role as compensating controls. • Develop and maintain professional relationships with end users to ensure consistent service delivery, clear communication, and effective support for security initiatives. • Engage with personnel at all levels of the organization to provide security guidance, address concerns, and promote adherence to policies and best practices.
• Serve on special teams, work groups, project teams, or escalation teams related to various firmwide IT initiatives, including specific one-time events (e.g., research, testing, rollouts, upgrades, installations, and acquisitions/mergers) or ongoing activities. • Perform all other duties as assigned. Requirements
• Bachelor's degree in computer science, Information Security, Business or Engineering; or equivalent work experience is required. • CISA and/or CISSP certification preferred. • Minimum of three to five years of experience in information systems, including project management experience.
• Extensive understanding of contemporary hardware and software architectures. • Proven track record in developing security policies and procedures. • Experience in implementing awareness programs and participating in IT audits. • Background in applying advanced IT Security concepts. • Understanding of the legal industry or professional services is preferred but not required. Nice-to-haves
• Cross-function Communication: Ability to communicate security-related concepts effectively to both technical and non-technical staff.
• Collaboration and Teamwork: Skilled in working across departments and with cross-functional teams to support security initiatives. • Auditing and Risk Mitigation: Proficiency in conducting audits, collecting and analyzing evidence, and implementing risk mitigation strategies. • Metric Reporting: Ability to track, analyze, and present periodic security metrics to stakeholders for decision-making. • Security Policy & Best Practices Implementation: Ability to develop, articulate, interpret, and implement security policies, guidance, and best practices across teams to ensure compliance and operational effectiveness.
• Information Systems Management: Proficiency in managing information systems, understanding system terminology, concepts, and best practices. • Regulatory Compliance Application: Ability to interpret, apply, and ensure adherence to industry program policies, procedures, regulations, and laws in security compliance processes. • Data Analysis and Evaluation: Skill in collecting, analyzing, and interpreting complex data to evaluate security risks and system performance. • Audit Planning and Project Management: Expertise in planning and managing information security audits and security-related projects.
• Independent Work and Judgement: Strong decision-making skills, with the ability to exercise independent judgment and discretion in security operations. • Problem Resolution and Negotiation: Skilled in negotiating issues and effectively resolving problems. • Technical Proficiency: Proficiency in Microsoft Office Suite and security/compliance tracking tools to document and manage security initiatives. Benefits
• 401k Plan
• Medical Health Savings Account
• Virtual Health
• Dental
• Vision
• Accident Insurance
• Hospital Indemnity
• Critical Illness Insurance
• Life Insurance
• Short-Term Disability
• Long-Term Disability
• Flexible Spending Accounts
• Lyra Health Employee Assistance Program (EAP)
• Paid Family Leave (for eligible Exempt and Non-Exempt Staff)
• College Savings Plan
• Transportation Benefit
• Back-up Child Care
• College Coach
• Pet Insurance
• Paid Sick Time
• Paid Time Off Apply tot his job
Apply tot his job
Apply To this Job