Senior Security & Privacy Analyst
AICPA - Durham, NC

The Security & Privacy Specialist provides internal consulting on Security & Privacy (S&P) considerations for business solutions by performing risk assessments and providing recommendations for compliance and operational effectiveness. Additionally, the S&P Specialist is a key contributor to the development of the S&P program and manages S&P inquiries and incidents as assigned.

Reports To:
Manager – Security & Privacy

Direct Reports:

Required Competencies:
  • Communication
  • Problem Solving & Analysis
  • Organization
  • Attention to Detail
  • Presentation skills
  • Innovation
  • Teamwork

S&P Consulting (40%)
  • Provide S&P guidance, expertise and knowledge in support of organizational initiatives and projects.
  • Partner with business owners and IT project teams to ensure S&P best practices are integrated at the application design stage.
  • Perform S&P review of projects following quarterly risk assessments.
  • Interface and communicate with S&P committee members.
  • Monitor, evaluate and assess S&P internal controls to ensure compliance and effectiveness.
  • Ensure monitoring, detection and response to S&P incidents, breaches and alerts and coordinate any required corrective actions including legal and senior management involvement with IT Project Management.
  • Act as key S&P liaison by working with business groups, outside consultants, vendors, auditors, and others to assist with related S&P inquiries (internal or external), reviews or audits.
  • Contribute and advise IT and other departments on the overall S&P risks related to various platforms for delivery of IT solutions and technology.
  • Track to ensure deadlines set are being met.
  • Escalate issues to S&P Manager as appropriate.
S&P Program Development (30%)
  • Assist with annual risk assessments by interviewing and gathering information from stakeholders, IT and others as needed.
  • Contribute to the development and writing of risk management policies and procedures by researching, gathering information and validating content.
  • Contribute to the development of operational guidelines to promote effective and efficient S&P processes.
  • Communicate and educate business owners, stakeholders and others on risk management and S&P processes and procedures.
  • Develop project plans, and manage S&P project tasks as appropriate.
  • Monitor risks, prepare reports and provide early warning of changing and emerging S&P risks.
  • Create S&P materials and presentations.
  • Stay abreast of internal and external trends.
  • Communicate with S&P committee members and make recommendations.
S&P Incident and Inquiry Analysis (20%)
  • Assist in managing S&P incidents and inquiries through coordination, administration and/or collection
    of documentation to ensure timely follow-up and resolution.
S&P Finding Follow-up and Reporting (10%)
  • Communicate with business owners and leadership regarding status, due dates, documentation and related items for S&P findings.
  • Assign due dates and follow-up to ensure timelines are met.
  • Lead meetings to obtain documentation and to perform preliminary scan.
  • Prepare, review, and organize work paper documentation to support conclusions and make available to third parties as appropriate.
  • Track, monitor activities and status.
  • Prepare status reports to submit to Management.
Expected Metrics:
  • Quality 30%
  • Productivity 25%
  • Project Management, Planning, Follow-up, and Follow-thru 25%
  • Client Relationships 15%
  • Teamwork 10%
  • Managing/Developing Self 5%

  • Bachelor’s Degree in business, IT, accounting or related field.

  • Minimum of 4 years of experience in the IT Audit or S&P field(s)

  • Proficiency in Microsoft Word, Excel and other business and auditing software (TeamMate) used to prepare reports, memos, summaries, and analyses.

  • Ability to organize and manage to deadlines.

  • Firm foundation in S&P risk and control principles and the ability to include privacy principles in the framework.

  • Motivated to learn information systems, audit processes, and S&P concepts.

  • Able to make sense of ambiguity and devise innovative solutions.

  • Attention to detail and ability to learn new operations quickly.

  • Ability to work independently.
