Are you ready to join an inclusive work environment, contribute to our dynamic teams and "Seek and Achieve Excellence" in all you do? We are SBA Communications, (SBA) a leading independent owner and operator of wireless communications infrastructure across North, Central and South America. Our mission is to be our customers' first-choice provider of wireless infrastructure solutions.
As a member of our team, you will be inspired by our Guiding Principles; Integrity, Work Ethic, Ownership Mindset, Quality, Customer Service, Innovation and Collegiality. If you are challenged by the opportunity to stretch and grow yourself and your career, then SBA Communications can help you “Reach New Heights”.
Join our Commitment to "Building Better Wireless" and apply or text keyword Corpsba to 313131
The Information Security Compliance Analyst mostly focuses on facilitating IT security and compliance with the Sarbanes-Oxley Act, and identifying, assessing, and protecting the environment from information security risks. The Information Security Compliance Analyst must have a strong background in information technology with a clear understanding of the challenges of information security.
Essential Duties & Responsibilities:
Oversee and coordinate IT audit requests and evidence in partnership with Internal Audit to facilitate compliance with Sarbanes-Oxley.
Conduct information security training and awareness activities, including phishing and other social engineering campaigns for the end user community.
Conduct information security risk and maturity assessments as required helping prioritize and remediate enterprise risk.
Oversee and facilitate IT third party management activities including onboarding, monitoring, and off boarding protocols.
Leverage information security technologies as necessary to identify and remediate risk posed to the environment.
Interact with IT and enterprise teams to minimize risk to the environment.
Oversee and manage IT GRC activities through use of GRC technology.
Maintain departmental IT security and compliance documentation and standard operating procedures.
Participate in incident response and recovery activities.
Familiarity with GRC concepts and the NIST Cybersecurity Framework.
Build understanding and awareness of security issues throughout the organization, must have excellent communication and presentation skills.
Must be a good team player.
Review security configuration and updates to ensure software and infrastructure are protected.
Ensure compliance with all applicable measurements and production reporting and policies.
Work with other teams to manage the proper transition of security projects into production.
Ensure the complete and proactive protection of all corporate data and systems.
Ensure complete issue tracking, provide feedback, and report results as accomplished.
Responsible for the acceptance and delivery of all projects and tasks related to security operations.
Other projects and duties as assigned.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and/or Experience:
Bachelor degree in MIS, Computer Science, or Business, CISSP, CISA, CIA preferred.
5+ years’ technical experience providing security governance, risk, and compliance services in support of a medium to large multi-location organization. IT auditing experience required, “Big 4” background is preferred.
Demonstrated knowledge with the use and deployment of the Kali Linux product suite, including familiarity with the Metasploit framework and open source technologies.
Demonstrated knowledge working with a VSOC solution provider to manage the environment and relationship.
Experience with information security technologies, SIEM, Cyber Threat Intelligence, Security Awareness is preferred.
Knowledge of network security, i.e. firewalls, network intrusion prevention, vulnerability testing, authentication and encryption is preferred.
Knowledge of Cisco, Citrix, Exchange, Active Directory, HP SAN technology, Microsoft Cluster solutions, HP 3PAR SAN’s, Project, Visio and network monitoring solutions is preferred.
Ability to read and interpret documents such as safety rules, operating and maintenance instructions and procedure manuals.
Excellent written, verbal, interpersonal, and problem solving skills with a high degree of integrity and discretion and the ability to multi-task.
Spanish or Portuguese a plus.