PERMANENT WFH: Sr. Information Security Analyst

Company Description

Nowcom is a leading provider of automotive dealer management solutions (DMS), specifically catering to the independent automobile dealer's needs. DealerCenter is Nowcom's all in one dealer management software solution that gives the dealer total control over their sales, inventory, insurance offerings, and financing through a web-based platform. As an authorized credit reseller, Nowcom provides dealerships access to all three major credit bureaus. DealerCenter.com is utilized by over 19,000 dealerships across the United States.

Additionally, as a part of the Hankey Group of Companies, Nowcom provides infrastructure support, custom software development, and call center services to its seven sister companies. Along with the other companies in the organization, Nowcom has experienced 20% growth YoY over the last decade. The Hankey Group employs over 3000 people and has assets exceeding $25 billion (USD). Nowcom has 4 offices in four countries across the globe, India, Philippines, Korea and United States.

Sr. Information Security Analyst

We are seeking an Sr. Information Security Analyst to become a key member of our international information security group. This job requires the ability to work as part of a team that is responsible for the information security program across multiple affiliated companies, primarily in the United States, with subsidiaries outside USA. The Information Security Analyst oversees all affiliated companies'compliance mandates, Information Security policies, plans and procedures. The analyst will review, modify, and update existing policies, plans and procedure to meet and comply with Federal, State, industry standards and relevant contractual cyber security requirements, implement and assess technical controls, audit the organization based on all applicable frameworks and requirements. The ideal candidate is someone that has a passion for dissecting complex Information Security challenges, analyzing varieties of requirements, and designing pragmatic policies and controls to protect our organization's information systems and data.

Essential Duties and Responsibilities, but not limited to:

• Conduct monthly, quarterly, semi-annual, and annual audits/assessment to satisfy PCI DSS, GLBA, FCRA and ISO270001.
• Research and perform gap analysis over existing and new cyber security laws, industry compliance regulations and policies to correlate the result with our security doctrine coverage.
• Evaluate compliance with regulatory requirements and business requirements including, but not limited to, GLBA, FCRA, PCI-DSS, EI3PA/ISO27k.
• Perform an impact analysis and enterprise risk assessment over covered requirements from operational and business feasibility.
• Assist in the design, implementation, and maintenance of security controls for cloud and on-premises environments.
• Provide technical expertise in network security, endpoint protection, and identity & access management (IAM).
• Support secure configuration of firewalls, intrusion detection/prevention systems, and other security technologies.
• Develop, implement, and communicate security policies, procedures, standards, best practices, guidance, and controls.
• Assist with planning and administration of phishing campaigns and cybersecurity awareness training.
• Plan and execute business continuity and disaster recovery exercises based on security incident.
• Manage technical, operational, and administrative projects across the Enterprise.
• Educate and guide employees on industry compliance requirements.
• Actively participate in the development of the information security and security awareness training program.
• Facilitate control testing in form of vulnerability assessment, risk assessments, penetration, and social engineering testing.
• Work with different IT disciplines on remediation efforts to correct identified weaknesses.
• Monitor security logs, alerts, and reports from SIEM tools and other security systems.
• Investigate security incidents, conduct root cause analysis, and implement corrective actions. Understand and implement incident handling procedures/playbooks.

Position Requirements:

• Bachelor's Degree from a four-year college in Cybersecurity, Computer Science, Information Technology, (or equivalent experience).
• Minimum 10+ years in Information Security domain.
• Excellent in written and verbal communication skills.
• Excellent in writing and reading English.
• Detail oriented and ability to focus on granular level compliance and security issues.
• Ability to work well on a collaborative team and influence others without direct authority.

Desired Qualifications:

• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISM), Certified Information Systems Manager (CISA), or PCI Internal Security Assessor (ISA) rating is desired.
• Master's Degree in law, compliance, or equivalent degree.
• Experience in Financial Institution operations and environment.
• Two to three years' project management experience is highly desired; PM certification a plus.