IT Security and Compliance Specialist


Job Description:

The IT Security & Compliance Specialist will be responsible for supporting the IT Security and Compliance Program. The IT Security & Compliance Specialist will be responsible for bridging the gap between compliance and security by supporting policy and standards development. They will perform risk assessments, gap analysis and overall security controls guidance around security standards such as ISO 27001, National Institute of Standards and Technology (NIST 800-53), IRS 1075 and other security frameworks. They should be familiar with patch management & vulnerability processes and be comfortable interpreting business risk and priorities around remediation to IT staff. The IT Security Compliance Specialist will also perform Plan of Action and Milestone (POAM) activities to track remediation efforts, complete security risk tracking and reporting, and Information Technology audit preparation and response.

The ideal candidate will be a self-starter and have an inquisitive, analytical mind that constantly looks for solutions to difficult problems. The Specialist must have the ability to convey technology and security concepts to management and ideally has technical knowledge and/or experience in security, with proficiency in a risk management framework and the ability to assess administrative and technical controls.

A successful candidate must be driven and goal-oriented with the ability to complete tasks with limited supervision within an evolving and entrepreneurial environment. The IT Security Compliance Specialist will work with other departments throughout SAS and must be detail-oriented to successfully manage multiple projects at the same time.

Knowledge, Skills and Abilities:

  • Lead key compliance activities, including, but not limited to, IT Policy and standards SME, Supplier Security Qualification for third party relationships, risk assessments, control gap analysis, Security Incident Response and contract reviews for security compliance.
  • Lead compliance program/project initiatives, audits and benchmarking of security policies against best practices and standards, which may include ISO 27001, FISMA, IRS 1075, NIST 800-53, and other NIST special publications.
  • Participate in security investigations and compliance reviews as required by customer requirements or internal or external audits.
  • Operate as a consultant, researching and recommending changes to enhance or streamline information security procedures.
  • Identify and recommend best security practices within SAS to improve efficiencies and improve the organization’s security posture.
  • Review security and audit contract terms and ensure compliance to current policies and processes.
  • Serve as a subject matter expert in the creation and maintenance of IT policies and standards, ensuring compliance with regulations and other security or operational guidance.
  • Interface with customer auditors to discuss security or IT hosting operations-related concerns during pre- and post-sales activities.
  • Assist with analysis, documentation, and training of remediation actions in response to audit findings.
  • Effectively communicate, facilitate, present, and train both technical and non-technical small and large audiences, regarding security requirements and procedures.
  • Coordinate response to complete RFP and security questionnaires.
  • Must have the ability to work with little supervision, escalating issues as appropriate.
  • Create and help administer security training programs and practices.
  • Perform other duties as assigned.

Preferred Skills:

  • Highly motivated individual with excellent organizational skills, detail-oriented, with the ability to stay on top of a variety of commitments and deadlines; must be able to work independently and as part of a team to maintain workload, and report on problems or progress in a timely manner
  • Strong time management skills (schedules, timelines, and task prioritization) and ability to work with minimal supervision or guidance
  • Excellent communication, analysis and process flow skills are essential
  • Good working knowledge of IT Governance activities which inform the organization’s policies, standards, and procedures
  • The ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity
  • Understanding of best practices for information security and data privacy
  • Understanding of regulatory standards: FDA Part 11, PCI, FISMA, NIST 800-53, HIPAA and IRS 1075
  • Knowledge and experience with best practices and standards such as ITIL or ISO 27001
  • Knowledge of IT or quality auditor procedures and tools (not financial/accounting)
  • Excellent planning and organization skills
  • Proven ability to manage projects
  • Strong time management and prioritization skills
  • Self-motivated and ability to work independently
  • Experience with the ServiceNow issue management and ticketing system
  • Equivalent combination of education, training, and relevant experience may be considered in place of the requirements above

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Equal Employment Opportunity is the Law. Also view the supplement EEO is the Law, and the notice Pay Transparency

Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.