Senior Risk & Information Security Analyst (closed)

Chelmsford, MA
competitive compensation
Recruiter Comment: Great opportunity for a Sr. Risk & Information Security Analyst in Chelmsford MA. Please spread the word!
Job Description

The Senior Risk and Information Security Analyst works as part of a team responsible for ensuring that the company's information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to users in a timely fashion. The selected candidate will serve as an internal information security consultant and will be responsible for designing, implementing, supporting and maintaining policies and security solutions in both operational and customer hosted environments.


This position demands an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously; strong communication and customer focus are required.

Primary responsibilities include providing support for SSAE16 SOC 1 and SOC 2 exams and monitoring control activities in certified environments.

RESPONSIBILITIES:

  • Provide expertise and support in customer hosted environments to ensure control activities are designed appropriately to protect the security, confidentiality, privacy, integrity and availability of data in compliance with organization policies and standards.
  • Conduct risk assessments in SSAE16 SOC 1 and SOC 2 environments and collect evidence in support of audits.
  • Assist external auditors in support of yearly audits to ensure positive results
  • Provide expertise and support to ensure company’s security framework remains in compliance with applicable regulations including evolving data privacy regulations
  • Serve as Security Committee secretary, setting agenda, keeping minutes, tracking issues, and drafting quarterly reports
  • Support third party security risk assessments and IT audit, and provide tracking for findings and resolution
  • Support the development, implementation, and updating of security policies and procedures
  • Support the management of security awareness training program
  • Provide expertise in support of new product development activities to ensure products comply with information security and privacy standards
  • Support discussions with prospects and existing clients looking to better understand how Kronos ensures the security of their data within our hosted environments.
  • Perform additional duties and projects as assigned by management
  • Monitor compliance with information security policies and procedures, referring problems to the appropriate department manager
  • Monitor internal control systems to ensure that appropriate access levels are maintained
  • Provide information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information

QUALIFICATIONS:

  • BS/BA degree in Computer Science or related discipline or equivalent experience and a minimum of 5 years related
    work experience in information security governance and/or related functions (such as IT audit and IT Risk Management)
  • Experience preparing for SAS 70, SSAE16 SOC 1 or SOC 2 Audits
  • Demonstrated experience leading an organization through an external audit and providing the program management and
    cross functional leadership to address known weaknesses.
  • Demonstrated experience managing projects related to security, audit and compliance including new product and
    infrastructure related roll-outs.
  • Demonstrated experience with information security management frameworks such as ISO, ITIL, CobiT,
    NIST to include development of policies, process and procedures within the environment
  • Demonstrated experience designing and implementing controls within corporate networks to include computer/network
    security and operating systems such as UNIX, Linux, and Windows, as well as LAN/WAN inter-networking protocols such as TCP/IP and network perimeter protection (firewalls)
  • Demonstrated experience working as an expert in information security related risk, regulatory, audit, and compliance requirements (SOX, MA Privacy, PCI DSS, HIPAA)
  • Strong verbal and written communication skills to develop positive relationships and effectively
    communicate with internal customers, external auditors and all levels of management
  • Able to travel up to 25%
  • CISA, CISM, CRISC, CISSP, or similar security certification preferred