Information Technology Compliance Analyst
Boston, MA, United States
Title: Information Technology (IT) Compliance Analyst
Location: Boston, MA (hybrid)
About MOCA Systems, Inc.:
MOCA Systems, Inc. (MSI) is a leading service and software provider for the Architecture, Engineering, and Construction industry. MSI delivers innovative solutions to Owners, Engineers, Architects, and Contractors working on some of the largest, most complex construction projects in the world. A profitable firm with offices across the U.S. and partners around the globe, MSI’s service and technology offerings ensure that projects are delivered on-time and on-budget and fulfill all Owner expectations. To learn more, visit mocasystems.com.
About Our Services Division:
MOCA Services is a full-service provider for Owners in the design and construction industry. Our battle-tested programs help clients make their projects successful from project ideation, through construction, and to occupancy. MOCA Services is relationship-focused and provides solutions for on-time, on-budget, and on-scope delivery of large, complex, and socially important projects. To learn more, visit moca-pm.com.
About Our Software Division:
Touchplan is the premier software offering of MOCA Systems, Inc. Used on the most projects, by the most users, to optimize the largest construction volume, Touchplan is the number one construction planning and analytics platform. The real-time, cloud-based solution enables the collaborative planning essential for preventing schedule and budget slippage. It also provides Owners and Contractors the instant insights they need to track progress and anticipate problems on projects. To learn more, visit www.touchplan.io.
Summary:
The IT Compliance Analyst is responsible for supporting the development, maintenance, and revision of information technology security policies, guidelines, and processes; assisting with risk assessments; and reviewing information technology, cybersecurity, and line of business security controls. Through their efforts the incumbent will play a critical role in ensuring the effective governance, management, and compliance of our information technology systems, proprietary software, and technology related processes.
Duties & Responsibilities:
Plays a lead role in the development and maintenance of compliance documentation (i.e. policies, guidelines, and processes) that are aligned with internal controls and external regulatory/legal requirements
Drives scheduled control checks, risk assessments, and resolution/follow-up activities for Information Technology, Information Security, and line-of-business defined controls to identify and neutralize threats and vulnerabilities
Leads or assists in developing and implementing responses to security incidents, including investigations, containment, eradication, and recovery
Applies and interprets audit and compliance requirements on behalf of the organization
Supports the preparation and ongoing updating of training materials and other communication tools to ensure the organization meets compliance requirements
Supports compliance training and awareness initiatives for employees to promote understanding of regulatory requirements and ethical standards
Supports cross-functional teams to integrate compliance considerations into product development, operations, and business strategies
Evaluates and monitors the security practices of third-party vendors and partners to assess and help address supply chain risks
Researches and interprets current and pending laws and regulations, industry standards, and client and vendor commitments to understand and communicate compliance requirements
Performs cybersecurity compliance gap analyses with remediation action plans
Performs crosswalks between various cybersecurity standards
Other duties as assigned
Qualifications:
Bachelor’s degree in cybersecurity, information systems, management, or related fields or equivalent experience in information systems
Ability to interpret complex technical concepts, align them to compliance requirements, and articulate the information in guidelines and bulletins
Functional understanding of enterprise technology infrastructure, application security, database security, and information systems
3+ years’ experience in an IT policy, controls, assessment, cybersecurity, audit, compliance, or GRC role
3+ years’ experience creating, maintaining and/or auditing cybersecurity policies, procedures, and processes.
Professional security management certification desired. CISA, CISSP preferred.
Knowledge of common information security frameworks to include ISO/IEC 27001 and NIST 800-171
Knowledge of IT compliance standards and regulations to include GDPR and CMMC
Experience in the 3rd party cybersecurity auditing process to include SOC and/or ISO compliance certifications
Strong organizational skills: ability to balance multiple tasks simultaneously
Excellent interpersonal skills: comfortable dealing with a large span of people from middle tier management to end users
Proficient with the Microsoft Office Suite to include document creation and formatting
Strong understanding of cybersecurity technologies, threat landscapes, and risk management
Equal Opportunity Employer Statement:
MOCA Systems, Inc. (“MOCA”) is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of any kind. MOCA is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at MOCA are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, sex, sexual orientation, gender identity, national origin, veteran, disability, or any other status protected by the laws or regulations in the locations where we operate. MOCA will not tolerate discrimination or harassment based on any of these characteristics. MOCA encourages applicants of all ages.