Exide Technologies Information Security and Compliance Analyst in Milton, Georgia
The information security & compliance analyst is responsible for providing technical guidance within an enterprise's information security & compliance environment and recommending security & compliance measures to safeguard its valuable information assets. For this reason, an up-to-date understanding of the latest security & compliance threats, trends and technologies is a crucial component of the position. The information security & compliance analyst is a senior member of the team and works closely with the other members of the team to develop and implement comprehensive information security & compliance program. This includes defining security & compliance policies, processes, and standards. The security & compliance analyst works with the IT department to select and deploy technical controls to meet specific security & compliance requirements and defines processes and standards to ensure that security configurations are maintained. The analyst will also act as a liaison between the IT Governance & Compliance management team and other enterprise architects, infrastructure and applications teams and must have tactical hands-on experience.
To perform this job successfully an individual must be able to perform each duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Works with IT Governance & Compliance leadership to develop strategies and plans to enforce security & compliance requirements and address identified risks.
Improvement of overall security health metric for network and endpoint security tools.
Develops a common set of security tools. Defines operational parameters for their use, and conducts reviews of tool output.
Researches evaluate, designs, tests recommends and plans the implementation of new or updated information security technologies including developing business cases for security investments.
Assists in the development of security architecture and security & compliance policies, principles, and standards.
Coordination and completion of information security & compliance operations documentation.
Researches and assesses new threats and security alerts, and recommends remedial actions.
Reports to Exide Technologies IT management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
Plays an advisory role in application development, acquisition, and Infrastructure projects to assess security & compliance requirements and controls and to ensure that security & compliance controls are implemented as planned.
Collaborates on critical IT projects to ensure that security & compliance issues addressed throughout the project life cycle.
Develops security processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
Maintain a complete set of Information security & compliance policies to meet regulatory requirements and withstand audits.
Defines testing criteria for systems and applications.
Works with external partners on deploying, tuning and running vulnerability-scanning and penetration-testing tools to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
Assists IT staff in the resolution of reported security incidents.
Participates in security investigations and compliance reviews, as requested by internal or external auditors.
Manages the relationship with the audit group. Receives audit findings, and manages the collection of responses and remediation plans with owners.
Provides oversight and management of audit finding remediation.
Supports e-discovery processes to include identification, collection, preservation, and processing of relevant data.
The requirements listed are representative of the knowledge, skill, and/or ability required.
Minimum six years of combined experience in Information security, compliance, technology audit, or a related field.
CISSP or Industry-standard information security certification.
NIST, CSA CCM experience a plus.
Experience working in a collaborative team environment.
Strong written and verbal communication skills
In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business, needs to security controls.
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Experience with common information security & compliance management frameworks, such as ISO 2700x, ITIL, COBIT, and NIST.
Basic understanding of GDPR compliance.
Basic understanding of business applications and financial systems.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Excellent technical knowledge of a wide range of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
Experience in developing, documenting and maintaining security & compliance policies, processes, procedures, and standards.
Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
Audit or governance experience is preferred.
- Has the ability to work with all levels of the business or external customers/suppliers involved in the projects. Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; talks and acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
- No supervision is anticipated
EDUCATION AND/OR EXPERIENCE:
- Preferred: Bachelor’s degree, preferably in Computer Science or Information Systems or a related field
- Required: English. Ability to read, analyze and interpret requirements documents, industry periodicals, professional journals, technical procedures or government regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers or suppliers.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee frequently is required to stand; walk; use hands to finger, handle, or feel; and reach with hands and arms. Specific vision abilities required by this job include close vision and ability to adjust focus.
- Minimal travel is anticipated for this position (20%).
Exide Technologies is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Exide Technologies (www.exide.com) is a global provider of stored electrical-energy solutions for the transportation and industrial markets. Exide’s 130 years of technology innovation combined with operations in more than 80 countries enables the company to deliver compelling solutions for the world’s current and future power needs. Exide produces and recycles a broad range of products, serving the Transportation, Industrial Network Power and Motive Power market segments with battery and energy storage systems and specialty applications for a broad range of industries including: agricultural, automotive, electric, light and heavy-duty truck, marine, materials handling, military, mining, powersport, railroad, security, telecommunications, utility and uninterruptible power supply (UPS), among others. Exide is Powering the World Forward - history and scale combined with a start-up mentality make Exide the right choice for customers who want more than simply a battery supplier.
Requisition ID 2019-2464
Category Information Technology
Position Type Regular Full-Time