Senior Security & Privacy Analyst
The American Institute of Certified Public Accountants - Durham, NC


The American Institute of Certified Public Accountants is the national, professional association of CPAs, with approximately 386,000 members, including CPAs in business and industry, public practice, government, and education; student affiliates; and international associates. We set ethical standards for the profession and U.S. auditing standards for audits of private companies; federal, state and local governments; and non-profit organizations. We also develop and grade the Uniform CPA Examination.

The Security & Privacy Specialist provides internal consulting on Security & Privacy (S&P) considerations for business solutions by performing risk assessments and providing recommendations for compliance and operational effectiveness. Additionally, the S&P Specialist is a key contributor to the development of the S&P program and manages S&P inquiries and incidents as assigned.


  • Bachelor’s Degree in business, IT, accounting or related field.
  • Minimum of 4 years of experience in the IT Audit or S&P field(s)
  • Proficiency in Microsoft Word, Excel and other business and auditing software (TeamMate) used to prepare reports, memos, summaries, and analyses.
  • Ability to organize and manage to deadlines.
  • Firm foundation in S&P risk and control principles and the ability to include privacy principles in the framework.
  • Motivated to learn information systems, audit processes, and S&P concepts.
  • Able to make sense of ambiguity and devise innovative solutions.
  • Attention to detail and ability to learn new operations quickly.
  • Ability to work independently.


  • S&P Consulting (40%)
  • Provide S&P guidance, expertise and knowledge in support of organizational initiatives and projects.
  • Partner with business owners and IT project teams to ensure S&P best practices are integrated at the application design stage.
  • Perform S&P review of projects following quarterly risk assessments.
  • Interface and communicate with S&P committee members.
  • Monitor, evaluate and assess S&P internal controls to ensure compliance and effectiveness.
  • Ensure monitoring, detection and response to S&P incidents, breaches and alerts and coordinate any required corrective actions including legal and senior management involvement with IT Project Management.
  • Act as key S&P liaison by working with business groups, outside consultants, vendors, auditors, and others to assist with related S&P inquiries (internal or external), reviews or audits.
  • Contribute and advise IT and other departments on the overall S&P risks related to various platforms for delivery of IT solutions and technology.
  • Track to ensure deadlines set are being met.
  • Escalate issues to S&P Manager as appropriate.
  • S&P Program Development (30%)
  • Assist with annual risk assessments by interviewing and gathering information from stakeholders, IT and others as needed.
  • Contribute to the development and writing of risk management policies and procedures by researching, gathering information and validating content.
  • Contribute to the development of operational guidelines to promote effective and efficient S&P processes.
  • Communicate and educate business owners, stakeholders and others on risk management and S&P processes and procedures.
  • Develop project plans, and manage S&P project tasks as appropriate.
  • Monitor risks, prepare reports and provide early warning of changing and emerging S&P risks.
  • Create S&P materials and presentations.
  • Stay abreast of internal and external trends.
  • Communicate with S&P committee members and make recommendations.
  • S&P Incident and Inquiry Analysis (20%)
  • Assist in managing S&P incidents and inquiries through coordination, administration and/or collection of documentation to ensure timely follow-up and resolution.
  • S&P Finding Follow-up and Reporting (10%)
  • Communicate with business owners and leadership regarding status, due dates, documentation and related items for S&P findings.
  • Assign due dates and follow-up to ensure timelines are met.
  • Lead meetings to obtain documentation and to perform preliminary scan.
  • Prepare, review, and organize work paper documentation to support conclusions and make available to third parties as appropriate.
  • Track, monitor activities and status.
  • Prepare status reports to submit to Management.

Expected Metrics:

  • Quality 30%
  • Productivity 25%
  • Project Management, Planning, Follow-up, and Follow-thru 25%
  • Client Relationships 15%
  • Teamwork 10%
  • Managing/Developing Self 5%

Required Competencies:

  • Communication
  • Problem Solving & Analysis
  • Organization
  • Attention to Detail
  • Presentation skills
  • Innovation
  • Teamwork