> job detail
N
👽Other
Senior Information Security Analyst, CX
NICE · USA - Sandy, UT
// classified as
Other (Adjacent or hard to classify.)
posted
2d ago
location
USA - Sandy, UT
languages
—
tools
—
> description
<div class="content-intro"><p>At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you.</p></div><h2 class="s3"><span class="s2">Senior Information Security Analyst</span></h2>
<p class="s3"><strong><span class="s2">So, what’s the role all about?</span></strong></p>
<p class="s3">The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as SOC, FedRAMP, PCI, ISO 27001, ISO 27701, ISO 42001, BSI C5, HITRUST, etc. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also focusing on related information security initiatives. </p>
<p class="s3"><strong><span class="s2">How will you make an impact? </span> </strong></p>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Gap Assessments: Facilitate and/or conduct internal gap assessments and audit readiness evaluations for frameworks such as ISO 27001,<span class="Apple-converted-space"> </span>StateRAMP, etc. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Framework Tracking: Monitor updates to Cyber Essentials, ISO, and regulatory frameworks and ensure internal alignment. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Control Documentation: Develop and maintain control narratives, walkthroughs, and documentation of compliance processes. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Audit Findings: Identify control deficiencies and work with stakeholders to recommend cost-effective, value-added remediation actions. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Compliance Reporting: Draft audit reports and present findings to management during status updates and closing meetings. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>External Audit Coordination: Collaborate with external audit teams to streamline processes and provide requested documentation and evidence. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Security Monitoring: Use tools such as Rapid7<span class="Apple-converted-space"> </span>InsightIDR<span class="Apple-converted-space"> </span>or other SIEM solutions to assist with security monitoring and incident detection. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Incident Response Support: Participate in incident response efforts,<span class="Apple-converted-space"> </span>documenting<span class="Apple-converted-space"> </span>security incidents and assisting in containment and recovery actions. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Threat Identification: Contribute to analyzing cybersecurity threats and implementing recommendations to improve the security posture. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Policy and Procedure Development: Assist in creating and refining cybersecurity policies and operational procedures to align with audit and compliance objectives. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Vulnerability Management: Support the tracking and remediation of vulnerabilities in coordination with IT and Security Operations teams. </div>
<p class="s3"><span class="s2"> </span></p>
<p class="s3"><strong><span class="s2">Have you got what it takes?</span></strong></p>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Strong expertise in audit and compliance frameworks, including SOC, FedRAMP, PCI, ISO 27001, ISO 27701, ISO 42001, BSI C5, HITRUST, etc.</div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Familiarity with CSOC tools such as Rapid7<span class="Apple-converted-space"> </span>InsightIDR<span class="Apple-converted-space"> </span>or other SIEM solutions. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Hands-on experience in internal and external audits, compliance assessments, and process improvement. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Basic understanding of incident response frameworks and cybersecurity best practices. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Exceptional analytical, organizational, and communication skills. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Commitment to continuous learning and professional development in audit, compliance, and security. </div>
<p class="s3"><span class="s2"> </span></p>
<p class="s3"><strong><span class="s2">You will have an advantage if you also have:</span></strong></p>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>A<span class="Apple-converted-space"> </span>Master’s<span class="Apple-converted-space"> </span>degree in Cybersecurity, Risk Management, or related fields is a plus. </div>
<div class="s5"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Certifications (preferred or required): </div>
<div class="s6"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Certified Information Systems Auditor (CISA) </div>
<div class="s6"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Certified Information Security Manager (CISM) </div>
<div class="s6"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Certified Information Systems Security Professional (CISSP) </div>
<div class="s6"><span class="s4">▪<span class="Apple-converted-space"> </span></span>ISO 27001 Lead Auditor or Implementer </div>
<div class="s6"><span class="s4">▪<span class="Apple-converted-space"> </span></span>Cyber Essentials Assessor (or equivalent) </div>
<div class="s6"><span class="s4">▪<span class="Apple-converted-space"> </span></span>GIAC certifications (e.g., GIAC Certified Incident Handler - GCIH or GIAC Security Essentials - GSEC) </div>
<p class="s3"> </p><div class="content-conclusion"><p><em><strong>About NiCE </strong></em></p>
<p><em>NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions. </em></p>
<p><em>Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries. </em></p>
<p><em>NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.</em></p>
<p> </p></div>