Security Analyst

at  AAFCPAS INC

AAFCPAs is an innovative and forward-thinking firm. We have enjoyed primarily organic growth and continue our laser focus on sustained growth as an independent regional firm. We are considered an attractive alternative to the Big 4 and National CPA firms. We provide best-value assurance, tax, outsourced accounting, business consulting, information technology advisory solutions, and wealth management services to nonprofit organizations, commercial companies, wealthy individuals, and estates. Since 1973, AAFCPAs sincere approach to business and service excellence has attracted discerning clients along with the best and brightest CPA and consulting professionals. AAFCPAs donates 10% of its net profits annually to nonprofit organizations. We have an active DE&I committee and have commitment and accountability to these efforts.
AAFCPAs is an independent member of PrimeGlobal, the fourth largest CPA firm association in the world with 300+ member firms in 80+ countries. This provides our clients with seamless national and global coverage, along with an advantageous pay-as-you-use model.
We are seeking a Security Compliance Analyst with SOC / NIST-CSF experience. You will work directly with leadership, technical control owners, and external providers to manage the internal security services of the firm.
Sitting within the Information Technology Team, this role will involve a robust understanding of security requirements, knowledge of how-to best evidence control activity, and the ability to coordinate walkthroughs and sample collection across a number of stakeholders.

Job Duties include but not limited to:

• Establishing security framework and supporting application election.
• Establish and maintain a vendor management program.
• Guiding and publishing security documentation and evidence management.
• Facilitating and maintaining established controls.
• Perform threat and vulnerability analysis.
• Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends.
• Analysis and advising or response to previously unknown hardware and software vulnerabilities.
• Preparing and Supporting Technical Business Continuity plans.

Skills & Requirements

• 3+ years of experience in a compliance, security, or IT security role.
• Experience implementing, auditing, or consulting on SOC / NIST-CSF in a medium to large organization.
• Knowledge of common controls, technical implementation, and security processes.
• Strong written and verbal communication with the ability to converse effectively at all levels of seniority, both internally and externally.
• Excellent problem solving, organizational skills, and attention to detail.
• Academic degree, preferably in a technical subject or equivalent education.
• Optional but Preferred: CISA, CRISC, CISSP or similar.

Competitive salary along with a comprehensive benefits package that includes subsidized medical and dental, 401(k) savings plan, life insurance, and short-term and long-term disability, plus more.
All your information will be kept confidential according to EEO guidelines.
AAFCPAs is an equal opportunity employer and is committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity or expression, age, marital status, veteran status, disability status, pregnancy, parental status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. Accommodations are available for applicants with disabilities.

• Establishing security framework and supporting application election.
• Establish and maintain a vendor management program.
• Guiding and publishing security documentation and evidence management.
• Facilitating and maintaining established controls.
• Perform threat and vulnerability analysis.
• Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends.
• Analysis and advising or response to previously unknown hardware and software vulnerabilities.
• Preparing and Supporting Technical Business Continuity plans