Reporting to the Security Compliance Manager, the Security Compliance Analyst is a key member of the Security, Governance and Compliance team. This position is focused on PCI and SOC1/SOC2 compliance, working across multiple business units and markets globally to ensure and deliver upon our annual compliance assessments and improve our security compliance posture overall. The Security Compliance Analyst will work closely with Information Security leadership and management team members to build and maintain a strong security compliance practice, while ensuring ongoing delivery on our compliance obligations. _
- The role requires attention to detail, technical expertise, and control testing experience with strong people skills. Must have the ability to build trusted relationships and influence decisions around security risk and compliance management. _
**What you'll do**:
- Support management of the PCI and SOC compliance process from end to end including pre-assessments, contracting, planning, scheduling, walkthroughs, testing, evidence collection, reporting, and remediation.
- Conduct multiple annual compliance reports and enterprise-level security assessments on Equifax systems globally (e.g. PCI-DSS, FISMA, FedRAMP, NIST, etc).
- Perform compliance scope advisement for both on-premises and cloud environments to determine applicable security compliance requirements for an environment.
- Support evidence collection with regards to various security compliance frameworks including SOC, PCI-DSS, FISMA, FedRAMP, NIST, etc.
- Collaborate with multiple departments and cross functional teams
- Assist with analysis of security control mapping and compliance efficiency improvements.
- Assist in maturing security compliance via automation or other tools
- Provide reporting and trending information of identified risks to compliance timelines
- Organize, publish, and maintain audit evidence and related documents in such a way that information is easily accessible
- Assist Global Security Compliance team in other tasks as required
- Perform compliance scope advisement for both on-premises and cloud environments to determine applicable security compliance requirements for an environment.
- Monitor and communicate program measures of success, plans, status, issues and risks in a timely manner to team members, stakeholders and senior level management.
- Identify industry best practices and recommend program updates or changes as needed to ensure program success.
- Proactively advise management and staff about potential security or compliance risks that may have a material impact on the business.
- Report to management and senior leadership on KPI's and KRI's for compliance programs (NIST, PCI-DSS, FISMA, FedRAMP, NYDFS500, SOC1/2 and ISO 27001).
- Perform program risk management and identify and assist BU/Applications teams with appropriate remediation guidance for identified compliance gaps.
**What experience you need**:
- Security Certifications such as CISSP, CCSP, CISA, CISM, QSA/ISA, CompTIA, etc.
- 3-5 years experience in **PCI or SOC1/2 audits **or directly related audit experience
- 3-5 years of experience performing assessments of information security programs including detailed control testing demonstrating thorough understanding of information security practices and methodologies, and public cloud environments (GCP, AWS, and Azure) and familiarity with security best practices
- 3-5 years experience testing and reviewing controls related to IT concepts, cloud services (IaaS, PaaS, SaaS), networking concepts (routers, firewalls, cloud networking rules), security tools (SIEM, IDS/IPS, FIM, A/V), virtualization, and tokenization
**What could set you apart**:
- Bachelor's Degree in Cybersecurity, Information Systems, Information Security, Information Technology, or comparable major strongly preferred
- Consulting experience (Big 4) much preferred
- Familiarity with project management, Wiz, ServiceNow preferred
- Excellent organizational, time management, customer service and problem-solving skills
LI-DU1
LI-Hybrid