Security Compliance Reporting & Control Analyst -IT:GIS:GO:SOS-P00049 - ARG000RU
The Security Compliance Reporting & Control Analyst for Security Operations Services (SOS) is responsible for maintaining and supporting our global services by conducting compliance reporting analysis in accordance with Information Security and Security Operations Services policies for the firm’s security applications which include Global Core Loadset (GCL), Symantec End Point Protection (SEP), System Center Configuration Manager (SCCM), Pretty Good Privacy (PGP), Symantec End Point Encryption (SEE), and Enhanced Mitigation Experience Toolkit (EMET) for desktops and Data Center Services (DCS), System Center Configuration Manager (SCCM), Symantec End Point Protection (SEP) and Satellite for Unix/Linux systems for servers. The role is accountable to and maintains a relationship with stakeholders and technical repository or shared IT database owners to provide a review of report findings and to highlight areas of concern or noted variances to established compliance policies. The role ascertains the viability of current processes and procedures against those compliance mandates and identifies areas for improvement in their automation processes to drive down security object noncompliance and improve tracking of assets. The role additionally recommends remediation in identified events of non-compliance. The role is an individual contributor managed by the Security Compliance Reporting & Control Team Lead in SOS.
Essential Functions of the Job
• Provides the day-to-day compliance reviews and aligned analytics for security applications in current use by key business units in EY to determine operating compliance with EY and IT security policies.
• Maintains appropriate oversight activities and a progressive ongoing development of knowledge of IT policies, procedures and standards for the global business applications and output reporting assigned to the role for review
• Investigates, identifies and documents compliance variances and overall review findings through formalized analysis and reporting.
• Examines the resulting reporting based on established criteria for compliance irregularities determined by IT and EY compliance directives.
• Reports identified variances to aligned stakeholders, as well as On Site Services (OSS) and senior leadership within IT management.
• Determines the root cause(s) of any identified variance to standard and recommends appropriate solutions.
• Provides a forward vision to identify best practices and opportunities for improvement in both the remit of the role and the reporting on the applications the role oversees.
• Identifies potential areas to streamline processes or procedures in the aligned IT service environments including but not limited to Global Core Loadset (GCL), Symantec End Point Protection (SEP), System Center Configuration Manager (SCCM), Pretty Good Privacy (PGP), Symantec End Point Encryption (SEE), as well as Enhanced Mitigation Experience Toolkit (EMET) for desktops and Data Center Services (DCS), System Center Configuration Manager (SCCM), Symantec End Point Protection (SEP) and Satellite for Unix/Linux systems for servers. Ascertains areas to be prioritized, better organized, optimized or automated in their daily operations
• Assist in the design, documentation and implementation of automation and other efforts to drive efficiency in analysis techniques.
• Assist in recommending, developing, and implementing changes to procedures and systems used by Security Operations Services to enhance data security
• Supports and executes, as assigned, the independent work needed on basic project deliverables.
Knowledge and Skills Requirements
• Well defined analytical and problem solving skills to conduct effective report analysis so that key issues and variances to norm are properly identified and effective solutions are suggested. Uses reporting effectively to identify issues for solution or areas for improvement as well as to escalate findings to management on those issues that have wider impact.
• Strong interpersonal skills to adapt personal communication styles to the style of others, developing rapport across a globally diverse organization across IT. Able to stay calm under pressure, balance multiple projects effectively and build and maintain SOS’s credibility in technical support.
• Solid time and project management skills to prioritize workload, lead aligned project teams and work through analytics with efficiency and minimal supervision.
• Strong oral and written communication skills in the English language to work effectively with all levels of IT personnel and external vendors as well as EY business stakeholders, clients and others.
• Strong working knowledge of the Microsoft Office tools specifically advanced functions within Excel to support the high degree of analytics required of the role
• Working knowledge of databases and data elements inclusive of Structured Query Language (SQL) as a component of database communication protocol to create technical controls as well as recognize the impact of identified variances to the overall operational readiness of IT Services to EY’s businesses
• Working knowledge in multiple security aligned systems and applications including but not limited to Active Databases (AD), Global Core Loadset (GCL), Symantec End Point Protection (SEP), System Center Configuration Manager (SCCM), Pretty Good Privacy (PGP), Symantec End Point Encryption (SEE), as well as Enhanced Mitigation Experience Toolkit (EMET) for desktops and Data Center Services (DCS), System Center Configuration Manager (SCCM), Symantec End Point Protection (SEP) and Satellite for Unix/Linux systems for servers
• Takes a proactive role in building knowledge of EY’s global security policies and compliance directives with specific focus on those aligned to the assigned component of the infrastructure environment under formal review by the role in its remit.
• Advanced knowledge of the ServiceNow system to effectively research incidents and workflow process variances.
• Advanced knowledge of Spotfire analysis tool as part of the single, centrally-managed platform for process analytics
• Bachelor's degree in a technical discipline such as Engineering or Computer Science or equivalent work experience in IT and specifically Global Operations.
• Advanced English level
• Approximately 3-5 years of security administration experience in support of IT products knowledge or operations
• Advanced skill in Microsoft Excel is a mandatory requirement
Recommended certifications include:
• Certification of Chief Information Security Officer (CCISO)
• Certified Information Systems Security Professional (CISSP)
• Global Security Essentials Certification (GSEC)
• Information Technology Infrastructure Library (ITIL v2 or v3 Foundations training)
Availability to work Monday to Friday from 13:00 to 22:00.