Security and Compliance Analyst

Sacramento, CA, United States

Security Risk and Compliance Analyst will operate within a divisional security team reporting to the Director of Information Security. Analyst will be responsible for risk assessment, reporting and audit of Customer facing applications supporting the Tax and Accounting (TAA) and Corporate Performance (CP&ESG) application portfolio. Primary responsibilities will include maintaining compliance and assurance against established security frameworks including SO2 and ISO27001. Analyst will work on annual certification requirements and daily IT security tasks. IT Risk assessment and documentation and assessment of implemented security policies and standards will be a core focus of this position. Analyst will perform a wide range of security tasks to monitor and support the Confidentiality, Integrity, and Availability of applications.

Candidate will focus on reviewing risk assessment of security controls, evidence collection, and reviewing IT security of audited systems. Will also be responsible for internal and external customer compliance reviews, IT system audits, implementation of internal team projects, and third-party vendor audits of Tax and Accounting (TAA) and Corporate Performance (CP&ESG) applications.

Interaction with external customers and third-party auditors to perform risk assessments and present evidence will be required.

Essential Duties and responsibilities

Provide coordination and support of activities related to external and internal compliance audits and security governance across Wolters Kluwer division. This will include a review of business-based needs, interaction with auditors, cost considerations, and coordination of onsite or remote audits. Audits frameworks could include SOC2, ISO27001, NIST 800-53, and privacy related frameworks such as GDPR

Perform and document annual IT risk assessments related to security and compliance controls for audited products within the TAA application portfolio.

Review IT Vulnerability assessments for hardware and software systems, recommend and track remediation of vulnerability data across multiple systems.

Work with Tax divisional application owners and application security owners to document and track Plan of Action and Milestones (POAM) for specific systems. Perform Review and track risk register of findings across the enterprise and work with application owners to remediate.

Coordinate with Global Corporate IT Operations teams to manage workload and special project intakes. Ensure that all critical vendors are assessed annually and adhere to contractual requirements.

Coordinate and participate in security activities and effectively communicates across cross functional teams including Global Business (GBS), Corporate, Global Security (GIS), Risk Management, Legal, TAA Enterprise Architecture, and TAA divisional security.

Participate in Global Information Security maturity assessments based on NIST 800-53

Other Duties

Assist with the coordination of Risk, Compliance and Privacy related activities and requests across Wolters Kluwer TAA businesses. Participate in global GDPR / Data privacy controls reviews as needed.

Participate in Security Incident Response tabletop, events or critical incidents as they occur to represent divisional security team and coordinate with divisional application owners as required.

Create and manage ServiceNow incident tickets for tasks to be assigned to WK Operations teams as needed.

Perform custom security or compliance training as part of the annual security awareness program for TAA employees and contractors in coordination with Global teams. Create and provide additional training as needed to meet custom requirements of TAA businesses.

Job Qualifications

Education:

Bachelor’s Degree in Business, Computer Information Systems, or a related Computer Science field is required

Experience:

3+ Years of Experience working in an Information Security role or relevant information security domain knowledge

3+ years of experience working with Compliance auditors and security frameworks.

Experience with SOC2 / ISO27001 audit frameworks is required.

Understanding of Development methodology (SDLC) and Agile (SAFE) is preferred.

Cloud security controls and experience within MS Azure or AWS systems is preferred.

CISSP, SSCP, ISACA, or GIAC security certification is preferred.

Other Knowl edge, Skills, Abilities or Certifications:

Knowledge of audit methodology frameworks, SharePoint Administration, and audit tracking tools

Strong organizational skills, including ability to manage timelines, both as an individual and as part of a team.

Excellent oral and written communication and interpersonal skills

Strong Technology background (Software development, Information Technology, Vendor Risk Assessment)

Proven track record of working with cross-functional business leaders to achieve difficult objectives

Ability to perform in complex cross-functional business environment

Strong problem solving and troubleshooting skills

Team building and leadership skills

Proficient in Microsoft Word, Excel, and SharePoint Administration

Strong knowledge of ServiceNow platform

Travel requirements

Some travel may be required

EQUAL EMPLOYMENT OPPORTUNITY Wolters Kluwer U. S. Corporation and all of its subsidiaries, divisions and customer/business units is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.