POSITION: Information Security Compliance Analyst (Exempt)
SALARY: $71,227.00 - $110,343.00 Annually
CLOSING DATE: 06/18/21 05:00 PM PT
APPLY ONLINE: https://portofportland.com/Careers
This position is responsible for ensuring that the Port and its employees comply with Information Technology Policies, Procedures and Standards as they relate to Information Security, Software Licenses and Copyright. This role ensures that appropriate controls related to information technology are in place and maintained. The Information Security Compliance Analyst often serves in an influential role identifying compliance risks, evaluating mitigation options, and making recommendations regarding best practices. This position must stay abreast of external cyber threats, regulatory changes, best practices, and certification requirements. This position will be involved in communicating with all levels of the organization.
SUMMARY OF ESSENTIAL RESPONSIBILITIES:
- Assessments and Compliance: Assist in the planning and coordination of external vendor involvement in cyber security activities, such as penetration tests, audits/assessments, etc.
- Coordinate and track internal tasks for ongoing IT regulatory compliance.
- Monitor and follow-up to ensure timely completion of cyber security tasks, and prepare status reports.
- Monitor and track remediation tasks following internal/external information security assessments.
- Participate in Port vulnerability management program and work with other IT teams to remediate discovered weaknesses.
- Maintain and continually evaluate the effectiveness of the Port information security awareness program.
- Information Security Policy and Procedure Management: Serve as knowledge expert in the compliance domain for processes, policies, standards and procedures.
- Work collaboratively with senior management, internal audit, internal and external legal counsel, as well as all levels of internal staff to ensure that IT policy and procedure documents are kept current.
- Research and assist in developing, evaluating, updating, and managing information security policies, standards, and procedures, and make recommendations and guide transitions when necessary.
- Software License and Asset Management: Create, maintain, and improve record keeping regarding software assets including licensing. Communicate issues to IT management as soon as possible.
- Oversee and actively manage the inventory of all software licensed by the Port.
- Ensure that end-to-end processes of software asset management are fully executed and result in auditable and accurate inventories.
- Serve as a communication and training resource for issues related to copyright, software licensing, and information security.
- Respond to customer requests for public exhibitions (e.g. Port sponsored events) of copyrighted videos and music to ensure the Port follows all applicable licensing and fair use laws.
- Participate in procurement and contract negotiations related to software licensing.
- Support maintaining the Port’s authorized software standards list.
- Security Operations: Monitor various cyber intrusion alert sources for potential malicious activity and take appropriate action.
- Perform response and analysis activities for cyber incidents/breaches, and legal/administrative investigations as required.
- Coordinate cyber incident response activities with other IT teams as needed.
- Review and analyze various cyber threat data sources and provide mitigation recommendations for protecting against and detecting identified risks.
- Provide support for managing Port information security team meetings, and cyber incident and IT disaster response and recovery exercises.
- Bachelor's degree in Information Systems or related field is preferred; or the equivalent combination of education and/or relevant experience is required.
- Minimum of five (5) years' experience in dealing with compliance issues and regulatory requirements associated with information technology including but not limited to: copyright, software purchasing, maintaining licensing inventory, information security, and communicating with internal and external clients.
- Working knowledge of: Enterprise IT environments; processes and compliance issues related to software licensing, information security, and disaster recovery/business continuity; alternative software licensing models and familiarity with contract negotiations and management; enterprise tools for managing and monitoring information security, vulnerability management, and software license inventories.
- Advanced knowledge of: Compliance models, general audit requirements and approaches; legal and regulatory requirements for IT.
- Ability to obtain and maintain security clearance for access to secure Port facilities.
- CISA, GSNA, or equivalent information security certification preferred.
- Valid driver's license preferred.
SKILLS AND ABILITIES:
- Excellent written and oral communication skills.
- As-is and to-be analysis.
- Financial feasibility assessments.
- Promotes safety as a guiding principle and a regular practice in accomplishing work; focuses on safety improvements and complies with safety and health policies and procedures.
- Shows the utmost respect for others and is a proven team player.
- Effectively execute on projects and initiatives according to defined work scopes and timelines;
- Work on-call and off shift as needed in the event of an information security incident or other issues;
- Work collaboratively with IT, business, and administrative staff as well as software vendors for items such as enterprise agreements;
- Use effective two-way communication with individuals, teams and groups across the organization;
- Identify, acquire, and maintain appropriate technical certifications, attend training courses, and keep abreast of evolving issues and trends;
- Keep current working knowledge of IT compliance audit requirements related to information security, disaster recovery/business continuity, regulatory changes, IT asset tracking, copyright, and software licensing;
- Demonstrate commitment to valuing differences among individuals and passion for being inclusive.
- Diversity and Inclusion: At the Port, we don't just accept difference; we value and support it to create a culture of inclusiveness and fun. We are proud to be an Equal Opportunity Employer.
- EEO/Affirmative Action Policy Statement: The Port of Portland is dedicated to maintaining and improving a work environment, which extends equal opportunity to all individuals, regardless of their race, color, sex, age, religion, national origin, marital status, veteran status, disability or sexual orientation. Employment decisions shall be made in such a manner as to further the principle of equal employment opportunity and to comply with state, federal and local laws. We affirm through this policy statement our continuing commitment to the principles of nondiscrimination and affirmative action.
- Veterans Preference: Under Oregon law, qualified veterans may be eligible for veterans preference when applying for Port of Portland positions. If you are a veteran and would like to be considered for a veterans preference for this job, please provide the qualifying documents as instructed during the application process.
- Background Checks and Drug Testing: The Port of Portland will conduct background checks and/or drug tests for positions where such tests are required by regulation and for other highly sensitive positions.
- ADA Accommodation: Accommodations will be considered for applicants or candidates with a qualifying disability that prevents them from participating in this process. Accommodations will be made where the Port can reasonably do so without imposing an undue hardship on the business or compromising the integrity of the recruitment process. An applicant with any disability who believes that they need an accommodation should contact Human Resources at 503.415.6000.