Senior IT Security and Compliance Analyst

TransPerfect is seeking a Senior IT Security and Compliance Analyst, able to develop a strong understanding of company security policies, procedures, technologies, system deployment methodologies, configuration, change management, patch management, monitoring and reporting, as well as the ability to recommend changes in the system as needed. The successful candidate will also provide support to planning, designing and implementing security controls which safeguard and monitor events for information systems, enterprise applications and data.

Description:

• Coordinate internal/external teams to ensure successful completion of company technology audits and security assessments
• Understand company information security program, technologies and underline controls to respond to RFPs/RFIs, including producing client facing technical responses to questions posed by clients regarding security
• Actively seek out and implement new ways to improve our process
• Assist senior team in yearly deliverables for revision of IT security policies, procedures and security certification projects etc.
• Actively monitor reputable outside sources for vulnerability information and outbreaks, and update the teams with any potential impact on TransPerfect's data/assets
• Assist in conducting yearly risk assessment and tabletop exercises for better incident response management
• Coordinate with IT and Solution Engineers to conduct vulnerability scans, penetration tests and ensure remediation action plans
• Assist in technical aspects of security compliance (e.g. PCI, SOC 2, ISO 27001)
• Review and recommend new security products as necessary, conduct regular audits of systems to ensure security standards and process are being followed, and manage internal and external security audit interaction

Required Skills and Experience:

• More than 5 years of experience in IT security/compliance
• Hands on experience of managing technical technology audits
• Strong system information security experience including application, database, network and infrastructure security
• Strong written and verbal ability to communicate technical and security-related concepts to a broad range of technical and non- technical staff, clients
• Strong understanding of common security tools, e.g. vulnerability scanning, IDS/IPS, Data Leakage prevention, Anti-Virus, SIEM and penetration testing tools etc.
• Must be able to understand what it means to perform:

1. network-based security assessments
2. security scanning on Internet-facing applications
3. security assessments on software applications
4. static and dynamic source code reviews
5. vulnerability assessments across public networks
6. server hardening assessments

• Must be familiar with network, system, application databases basic concepts, protocols and security procedures
• Ability to work independently and with teams
• Creative self-starter with a strong work ethic
• Master's/Bachelor's degree in computer sciences/technology preferred information/cyber security
• Superior written and spoken communication skills in English