Policy Analyst

RESPONSIBILITIES:

Develop and review information security policies, standards, and guidelines based on industry best practices, regulatory requirements, and organizational objectives.

Conduct thorough assessments of existing security policies and procedures, identifying gaps and recommending improvements.

Collaborate with stakeholders across various departments to gather input and ensure alignment with business needs.

Stay informed about the latest information security threats, vulnerabilities, and industry trends to proactively identify areas of improvement.

Perform risk assessments and analysis to identify potential security risks and develop appropriate mitigation strategies.

Assist in the creation and maintenance of security awareness training programs for employees to promote a culture of security awareness.

Monitor compliance with information security policies, identifying areas of non-compliance and implementing corrective actions.

Provide guidance and support to IT teams and other relevant stakeholders regarding policy implementation and adherence.

Participate in incident response activities, assisting in investigations, documentation, and remediation efforts.

Conduct periodic reviews and audits of security controls to ensure ongoing effectiveness and compliance.

REQUIREMENTS:

Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM, CISA) are a plus.

Proven experience as a Policy Analyst or similar role in the field of information security.

Strong knowledge of information security principles, frameworks, and standards (e.g., ISO 27001, NIST Cybersecurity Framework).

Familiarity with regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS) and their impact on information security policies.

Proficiency in conducting risk assessments and applying risk management methodologies.

Excellent analytical and problem-solving skills, with the ability to identify vulnerabilities and develop effective solutions.

Strong written and verbal communication skills, including the ability to present complex information to non-technical stakeholders.

Ability to collaborate and work effectively with cross-functional teams and stakeholders at various levels of the organization.

Familiarity with security technologies, tools, and controls, such as firewalls, intrusion detection systems, and vulnerability scanners.

Understanding of incident response procedures and experience in participating in incident investigations.

High level of integrity, ethics, and a commitment to maintaining the confidentiality and security of sensitive information.