Our seasoned professionals deliver services based on Milestone’s best practices and service delivery framework. By leveraging our vast knowledge base to execute initiatives, we deliver both short-term and long-term value to our clients and apply continuous service improvement to deliver transformational benefits to IT. With Intelligent Automation, Milestone helps businesses further accelerate their IT transformation. The result is a sharper focus on business objectives and a dramatic improvement in employee productivity. Through our key technology partnerships and our people-first approach, Milestone continues to deliver industry-leading innovation to our clients. With more than 2,000 employees serving over 200 companies worldwide, we are following our mission of revolutionizing the way IT is deployed around the globe.
As an IT compliance analyst at Milestone, you will help the security and compliance team to take our current cyber security program to the next level. You will work closely with various teams across our organization to ensure we are remaining proactive and ensuring our processes and systems are designed and implemented following best security practices. You will also be responsible for maintaining operational effectiveness of our company by mitigating risk, all while increasing our security posture and protecting our assets.
The primary purpose of this position is to provide maintenance, upkeep and front-line support of our cyber-security program.
This role will report to the Chief Information Security Officer (CISO).
How You Will Make An Impact:
Help to maintain Milestone’s controls framework and ensure it is consistent with the business objectives, applicable legislation, and certifications.
Measure and analyze cyber security posture across the organization and recommend improvements and solutions to current cyber security issues and risks
Support identifying the scope of the Governance processes, drafting and validating business cases, conducting business analysis, leading the gathering process of business requirements
Participate in the assessment of current state and issue identification, develop recommendations aligned to strategic objectives, and draft high level conceptual and detailed design recommendations
Support Milestone audits and security compliance reviews (including but not limited to: SSAE18/SOC2 Type2, ISO27000 etc.)
Support company-wide annual Risk Assessments and Investigation Deep Dives.
Support execution of supplier and service partner Due Diligence and ad hoc audit requests.
Contribute to building and maintaining Wellpath audit, risk, and compliance maturity program.
Support the rest of Milestone’s business units in their ability to adopt innovative solutions and technology towards delivering a data secure environment both internally and externally.
Liaise with cross-functional teams to provide consulting as SME on governance and compliance requirements.
Develop, maintain, and regularly update the standards and policies framework, including coordinating signoffs from affected parties.
Produce management reports and support with presentations for Committee and Board meetings and Risk management reporting.
Support reporting to the internal Infosec organization, including weekly meeting minutes, ad-hoc meetings, and workshop minutes.
Support KPI/KRI reporting – create performance dashboards for Infosec, analyse the data and share insights with the wider team.
Provide support in evaluation of security tools for the firm.
Assist various teams in capturing and refining information protection requirements, integrating those requirements into system designs and ensuring program compliance.
Provide support for contract review for customer engagement from an Infosec perspective.
Provide support for periodic Awareness to internal employees.
Prepare and/or conduct written and oral reports and presentations.
What You Will Need To Succeed:
At least 5 years’ experience in security risk and compliance management or similar position. Experience in Financial Services would be welcome.
At least a Bachelor’s Degree in Computer Science or related field with relevant practical experience.
Industry recognized certifications (CISA, CISM, CRISC, CISSP) will be considered as a strong advantage.
Experience in SOC2 compliance audits and related standards.
Experience with ISO27001, COBIT and other security standards.
Good understanding of the risk-based controls and governance approach and its practical application in the environment.
Understanding of key controls and how they impact the business from an operational or systems perspective.
Fluent in English (both oral and written proficiency).
Excellent interpersonal and communication skills, including ability to interact effectively with positions of all levels
Ability to prioritize and execute on multiple, simultaneous, complex priorities
Ability to deal with highly confidential information in a professional manner
Our Commitment to Diversity & Inclusion:
At Milestone we strive to create a workplace that reflects the communities we serve and work with, where we all feel empowered to bring our full, authentic selves to work. We know creating a diverse and inclusive culture that champions equity and belonging is not only the right thing to do for our employees but is also critical to our continued success.
Milestone Technologies provides equal employment opportunity for all applicants and employees. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, gender identity, marital status, age, disability, veteran status, sexual orientation, national origin, or any other category protected by applicable federal and state law, or local ordinance. Milestone also makes reasonable accommodations for disabled applicants and employees.
We welcome the unique background, culture, experiences, knowledge, innovation, self-expression and perspectives you can bring to our global community. Our recruitment team is looking forward to meeting you.
This position may be assigned to a client that requires all individuals on-site to have the COVID-19 vaccination. The individual must be fully vaccinated before starting work at such a client site.