Security & Compliance Analyst

FHI 360 staff working in the United States are required to be fully vaccinated for COVID-19, regardless of the type of project or client they serve, or of their employment status (full/part-time, remote, telework, or in-office), unless an accommodation applies. FHI 360 complies with federal, state, and local laws with regard to accommodations related to this policy. Full vaccination is currently defined as two weeks after the second dose in a two-dose series, such as the Pfizer-BioNTech or Moderna vaccine, or two weeks after a single-dose vaccine, such as Johnson & Johnson’s Janssen vaccine. Booster doses are not required at this time. Job Summary: Collaborate cross-functionally throughout the organization to execute processes to safeguard sensitive information and serve as a senior resource for InfoSec program activities which include engaging business and information technology leadership. Performs information security incident management, risk assessments and cyber security audits. Develops information system security plans, documentation, and able to perform project management functions. Accountabilities: Perform information security incident management, respond to breaches, identify intrusions, and apply counter measures to remediate a cyber security issue. Research information security issues, including review of system logs, and proposes solutions to address vulnerabilities. Perform requirements gathering and technical reviews for information security-related projects. Participates in processes involved in design of work / technology to ensure information security aspects are considered. Develops and documents processes and procedures. Collaborate cross-functionally throughout the organization to execute processes to safeguard sensitive information and serve as a senior resource for InfoSec program activities which include engaging business and information technology leadership. Conducts periodic reviews of Information Technology General Controls (ITGC) compliance. Participates in vulnerability assessments of systems and applications. Owns all aspects of the assignments, including internal and external relationships, licensing, budgeting, etc. Performs other duties assigned. Applied Knowledge & Skills: Is curious and have a ‘detective’ mindset. Thorough understanding of information security and assurance concepts, including information security standards such as NIST 800-53 and ISO 2700x. Must have experience with project management and can see a multi-faceted global project through to completion. Working knowledge networks, servers, firewalls, websites, in context of troubleshooting. Must be able to communicate, in writing and verbally, with people who have varying degrees of technical expertise. Can develop appropriate information security controls and countermeasures to intercept and prevent internal or external attempts or attacks to compromise company’s computing environment. Expert level understanding of auditing for appropriateness of information security controls. Thorough understanding of penetration testing and vulnerability assessments of applications, operating systems and/or networks. Able to independently research and evaluate cybersecurity threats and performs root cause analysis. Must have organizational skills and capable of prioritization of work as assigned. Problem Solving & Impact: Passionate about information security and sharing related knowledge. Has a “detective” mindset and works on complex problems requiring analysis and review of factors. Exercises judgment within defined procedures and practices to obtain results. Supervision Given/Received: Expected to mentor and supervise junior staff and/interns. Education: Bachelor's Degree or its International Equivalent • Computer Science, Information Technology Disciplines or Related Field. Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Auditor (CISA) highly desirable. Experience: Typically requires 8 years of experience with security and compliance communication technologies. Must be able to read, write and speak fluent English; fluent in host country language as required. Prior work experience in information security organizations is a plus. Typical Physical Demands: Remote office environment. Ability to sit/stand for extended periods of time. Ability to lift 5-50 lbs. Technology to be Used: Personal Computer, Microsoft Office (i.e. Word, Excel, PowerPoint, etc.), e-mail, telephone, printer, calculator, copier, cell phones, PDAs and other hand held devices. Travel Requirements: Less than 10% This job posting summarizes the main duties of the job. It neither prescribes nor restricts the exact tasks that may be assigned to carry out these duties. This document should not be construed in any way to represent a contract of employment. Management reserves the right to review and revise this document at any time. FHI 360 is an equal opportunity and affirmative action employer whereby we do not engage in practices that discriminate against any person employed or seeking employment based on race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, marital status, physical or mental disability, protected Veteran status, or any other characteristic protected under applicable law. FHI 360 will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. FHI 360 fosters the strength and health of its workforce through a competitive benefits package, professional development and policies and programs that support a healthy work/life balance. Join our global workforce to make a positive difference for others — and yourself. Please click here to continue searching FHI 360's Career Portal. FHI 360 is a nonprofit human development organization dedicated to improving lives in lasting ways by advancing integrated, locally driven solutions. Our staff includes experts in health, education, nutrition, environment, economic development, civil society, gender, youth, research, technology, communication and social marketing — creating a unique mix of capabilities to address today's interrelated development challenges. FHI 360 serves more than 60 countries and all U.S. states and territories. As we evolve to meet the challenges of the future, we stand committed to the principles that have guided our organization for the last 40 years. Our work continues to be grounded in research and science, strengthened by partnerships and focused on building the capacity of individuals, communities and countries to succeed. FHI 360 staff working in the United States are required to be fully vaccinated for COVID-19, regardless of the type of project or client they serve, or of their employment status (full/part-time, remote, telework, or in-office), unless an accommodation applies. FHI 360 complies with federal, state, and local laws with regard to accommodations related to this policy. FHI 360 is an equal opportunity and affirmative action employer whereby we do not engage in practices that discriminate against any person employed or seeking employment based on race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, marital status, physical or mental disability, protected Veteran status, or any other characteristic protected under applicable law. FHI 360 fosters the strength and health of its workforce through a competitive benefits package, professional development and policies and programs that support a healthy work/life balance. FHI 360 will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. FHI 360 will never ask you for your career site username or password, and we will never request money, goods or services during the application, recruitment or employment process. If you have questions or concerns about correspondence from us, please email CareerCenterSupport@fhi360.org.