SOC Audit and Compliance Analyst [OneIT]

at  WSP

THE OPPORTUNITY:

The Global Senior Compliance Support Analyst will have multiple security related roles within the organization. Their main goal will be to improve the existing and provide a more secure computing environment for the organization to conduct their business. The global security operations team will have overlapping duties however each role will have more specifically focused duties. As such, the role and essential duties will fit into the below classifications most closely.
They must learn how to prepare the requested documentation for different Global SOC processes necessary for WSP compliance. They will actively support the SOC Managers for designing the requested documentation for different compliance processes (ITGC – IT General computers Control, ISO 27001 – Information Security Management Process, Privileged Access Management, Vulnerability Management, Identity Governance, Integrated Organizations Compliance, Metrics and Compliance reports/dashboards)

Under the guidance of the SOC (Security Operations Centre) Compliance Manager, assist with analysis, mitigation, escalation and processing of; but not limited to the below.

Specific areas of responsibility may fall into any one of the following areas of Security Operations, as assigned by the SOC Compliance Manager or other SOC team Leaders, Managers or senior members.

• Lead the continuous improvement of the Global SOC Information Security Management System (ISMS) in line with the applicable security and business requirements and regulations, ensuring that changes done are approved and managed in transparency with all stakeholders.
• Contribute to the ISO 27001 multi-site certification and other transversal programs where Global SOC is involved;
• Monitor compliance with local and industry specific regulations (ISO27001, 52-109 ITGC, …) and participate in internal or external audits;
• Advise on design and implements Identity Governance and User Lifecycle Management processes /activities in line with the SOC projects;
• Perform ISO27001 gap assessments/implementation and internal audit activities related to Global SOC;
• Design related processes documentation;
• Advise on design, design and implements Information Security Frameworks for different compliance tasks/documentation review processes / ongoing internal or external audits;
• Support, collects and prepare required evidence during Compliance audit activities (external and internal);

• Design Security Awareness materials (procedures/presentations/training materials);Support, collects and deliver analysis required for metrics and reporting dashboards;