With over 20 years in the managed IT services industry, First National Technology Solutions (FNTS) is a leading provider of flexible, customized hosted and remotely managed services. Operating a state-of-the-art data center and offering customized solutions and best-of-breed technology, FNTS is a nationally recognized leader in managed IT services. With a classic Midwest culture, FNTS employs an expert team who place high value on work ethics and personalized customer service.
FNTS is a subsidiary of First National of Nebraska Inc. (FNNI), a $20 billion multi-state holding company headquartered in Omaha, Nebraska, with a strong heritage of banking excellence that dates back more than 150 years.
FNTS is seeking an experienced and motivated self-starter to join our team as an IT Security Risk & Compliance Analyst II. The ideal candidate is driven by identifying and reducing organizational risks through the compliance and governance program to ensure the organization meets its requirements. This position functions as a team member in the FNTS Information Security Department, reporting to the Sr. Director. The Analyst II assists with the successful completion of annual audits including, but not limited to: PCI-DSS, SSAE 18 SOC 2, FFIEC, HIPAA, CSA, and GDPR. The Analyst II will also lead the review/creation of procedures, implementation of processes, and enforcement of computer system security configurations and solutions across internal and client environments in order to ensure the protection of confidential information. The Analyst II will also be instrumental in the maturation of an internal control testing framework, implementing and maintaining the eGRC solution, and assisting in performing various risk assessments. Other responsibilities include assessing IT risks, evaluating controls, designing appropriate IT audit testing and staying abreast of the changing compliance/governance landscape.
Serve as a lead or primary point of contact for company audits including, but not limited to: PCI-DSS, SSAE 18 SOC 2, FFIEC, HIPAA, CSA, & GDPR
Assist with the maturation of the governance and compliance program and common control testing framework(s)
Execute compliance-related audits at supervisor's direction, lead/plan testing and compile evidence
Advise on updated laws, regulations and frameworks that have the potential to impact the governance and compliance program
Work closely with external/internal audit and multiple internal technical teams to gather audit evidence
Evaluate and determine control effectiveness (design and operating)
Maintain the eGRC solution
Develop and maintain quarterly audit updates/reporting
Explain complex information to others, including new controls, requirements and evidence material
Provide audit guidance and respond to customer inquiries, as needed
Assist with documenting and reporting actual or potential information security violations
Provide governance and compliance consulting to the business, and recommend steps to mitigate potential exceptions
Revise and update security policies and standards documentation
Solve problems in straightforward situations and within guidelines
Monitor systems for compliance to Information Security Policy and Standards
Serve as a compliance resource and fully understand Company goals and department accountabilities
Other duties as assigned
Candidates should have a deep understanding of information security concepts and controls, as well as experience conducting audits and assessments in conjunction with external/internal audit. Ideal candidates will have experience performing PCI-DSS, SSAE 18 SOC 2, HIPAA, FFIEC, CSA, and/or GDPR audits. Candidates without a security certification will be seriously considered if technical and information security experience can be demonstrated.
2+ years professional experience performing one or more of the following audits: PCI-DSS, SSAE 18 SOC 2, HIPAA, FFIEC, CSA or GDPR
2+ years professional experience working in a technical team environment
Experience and ability to develop policies or procedures to support an organization's information security and compliance program
Experience with an eGRC or reporting tool, such as Archer, LockPath, OnSpring or equivalent
Ability to support information security regulatory and policy compliance activities (knowledge of SSAE 18 SOC 2, HIPAA, NIST, COBIT, ISO, PCI-DSS, FFIEC, GDPR, and other applicable laws, regulations, and rules)
Experience with Windows and Linux operating systems
Strong analytical and troubleshooting skills
Ability to organize and prioritize the workload by handling multiple projects simultaneously while dealing with frequent interruptions and a high-pressure environment
Self-motivated and innovative, with a high degree of initiative; ability to work independently with minimal supervision and direction
Must have effective verbal and written communication skills
Bachelor's degree in Computer Science, MIS, Information Assurance, or other technology-related field or equivalent number of years of experience
One or more information security certifications
GIAC, CRISC, CISSP, PCI-ISA/PCIP, CCSP, CISA, CHP, Security+, or other security certifications
An understanding of a wide array of enterprise grade environments, applications and tools, including but not limited to:
Microsoft Server, RHEL, Azure, AWS, SharePoint, Active Directory, Shavlik, SQL, RSA, and others
Experience auditing/maintaining compliance/governance in a multi-tenant service provider environment, including knowledge of cloud deployments: private, public, and hybrid
Experience with greenfield environments and zero-trust principle implementation and enforcement
Knowledge of one or more languages:
Bash, PowerShell, Python, Perl, or equivalent
Understanding of network architecture and implementation
Experience performing audits with multiple technologies, including but not limited to:
Windows, Linux, IBM z/OS, IBM AS/400, Cisco, Check Point, VMware, NSX/ACI, and EMC