Cybersecurity Compliance Analyst
The Cybersecurity Compliance Analyst is responsible for the development and implementation of cybersecurity policies and procedures at Ceridian. They will maintain a comprehensive due diligence review process and support the exception management practice. Producing metrics and reporting, as well as improving program maturity, will be required of this role. This role requires knowledge of the technology and cybersecurity ecosystem and will assist in managing complex, high-profile initiatives.
Policy & Standard Management
- Responsible for ensuring Ceridian's cybersecurity program aligns with commonly accepted frameworks such as ISO and NIST.
- Contribute to changes in Ceridian's entire suite of cybersecurity policies and standards.
- Author and maintain cybersecurity standard operating procedures.
- Stay abreast of changes to ISO and NIST frameworks to ensure Ceridian's cybersecurity program adjusts accordingly.
- Interface and coordinate with vendor and supplier organizations to ensure their cybersecurity frameworks adequately support Ceridian's requirements.
- Produce cybersecurity framework documentation for customer due diligence assessments of Ceridian.
Due Diligence & Exception Management
- Establish close working relationships with the following stakeholders:
  - Product and application development teams (to assess code vulnerabilities)
  - Infrastructure and hosting teams (to assess technical vulnerabilities)
  - Employees (to assess end-user technology threats)
  - Vendors/Partners (to assess security program weaknesses)
- Review and analyze all security vulnerability data:
  - to identify applicability and false positives;
  - and coordinate with the appropriate stakeholders to assist in identifying mitigation strategies, or to ensure exceptions are granted and fully documented.
- Represent the cybersecurity organization when assessing risk, and grant exceptions based on defined tolerance levels.
- Ensure exceptions for all product and application vulnerabilities are thoroughly documented.
Reporting & Documentation
- Establish and maintain comprehensive documentation for the following areas:
  - Cybersecurity marketing documentation (e.g. program defense-in-depth visuals)
  - Customer-facing materials (e.g. cybersecurity program overview, penetration test and vulnerability scan summaries)
  - Vendor/Partner minimum security requirements lists
  - Secure coding practices
  - Infrastructure configuration and hardening practices
  - Cybersecurity Standard Operating Procedures (SOPs) and Service Catalog
- Produce reports and conduct management briefings on program maturity.
- Establish and maintain formal cybersecurity:
  - exception management scorecard and reporting cadence;
  - program maturity assessments (e.g. internal and external assessments).
- Render expertise and guidance to development and infrastructure teams regarding intrusion methods.
- Provide weekly status report on recent accomplishments and future activities.
Education & Certification
- College diploma or university degree and/or 2 years equivalent work experience.
- One or more of the following certifications is desired but not required:
  - (ISC)2 CISSP
  - (ISC)2 ISSAP
  - (ISC)2 SSCP
  - MCSE (Microsoft Certified Systems Engineer): Security
  - GIAC Security Leadership Certification
  - ISACA Certified Information Security Manager
Knowledge & Experience
- Knowledge of the security industry, including the development of new attacks and threat vectors.
- Knowledge of security technologies including firewalls, IPS, WAF, SIEM and CASB.
- Knowledge of network technologies including routers, switches, load balancers and network administration protocols.
- Technically fluent in common operating systems including Microsoft Windows, Unix/Linux and macOS.
- Ability to solve complex technical problems and articulate them to non-IT personnel.
- Extremely responsive and organized.
- Proven ability to prioritize and deliver on projects and initiatives in a high-pressure environment.
- Proven analytical and problem-solving abilities.
- Excellent written, oral, and interpersonal communication skills.
- Creative aptitude with the ability to design threat models.
- Strong business acumen with the ability to present ideas in a user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
- Flexible on-site or remote work.
- Occasional travel may be required.
- Sitting for extended periods of time.
- Sufficient dexterity of hands and fingers to efficiently operate a computer keyboard, mouse, power tools, and other computer components.