Phoenix, AZ

Compliance Principal Analyst - MARS-e / NIST 800-53 - US Remote

The Compliance Senior Analyst reports to the Director of Information Security Compliance. The Compliance Senior Analyst is responsible for implementing, testing and evaluating MARS-e Security Controls on applicable systems to provide internal governance to primarily achieve attestation.

The role will play an active part in performing internal assessments and recommend solutions to remediate issues related to MARS-e compliance. The role will also act as a liaison and manage interactions with external auditors.

Primary Responsibilities:

  • Implement/Test/Evaluate MARS-e Security Controls on applicable systems
  • Maintain a System Security Plan on applicable systems
  • Meet with HBE (Health Benefits Exchange) weekly to discuss information security related activities
  • Provide Information Security reports to the CISO and management containing a summary of vulnerability scans, security log review results, POA&M efforts and any other relevant security events as deemed necessary
  • Provide continuous monitoring per the system security plan
  • Assess 1/3 of the applicable security controls according to MARS-e standards every year
  • Assist with documenting the System Security Plan
  • Maintain a Plan of Action and Milestones (POA&M) consistent with MARS-e, documenting all deficiencies
  • Assist with Information Security investigations and incidents related to call center activity
  • Stay current with and promote awareness of applicable regulatory standards, upstream risks and industry best practices across the enterprise

Secondary Responsibilities Could Include:

  • Supporting the completion of compliance programs in addition to MARS-e, such as NIST 800-53, HITRUST, PCI Data Security Standard (PCI-DSS) Report on Compliance, SSAE 18 SOC 1 Type II and SOC 2 Type II compliance efforts
  • Obtain and review evidence of compliance for adherence to standards
  • Collaboration with other Compliance Analysts to identify overlaps with complementary compliance frameworks
  • Work closely with cross-functional teams and develop strong relationships as an integral member of Information Security Compliance.

Minimum Job Requirements:

  • 4 years' experience implementing and maintaining MARS-e (desired) or NIST 800-53 Security controls
  • 4 years' experience managing POA&Ms and performing security assessments
  • Strong writing, communication, and organization skills
  • A Bachelor's degree in Information Systems, Computer Science, Information Security or related field required, with understanding and experience with industry and regulatory standards.

Highly Desired Skills / Attributes:

  • Current CISSP, CISA, CISM certification or other certification(s) relevant to information security or strong desire and ability to obtain shortly after joining
  • Multiple years of experience in IT Security, Corporate Risk Governance, or as an internal/external IT auditor or an internal security or risk assessment professional

COMPENSATION & BENEFITS
The anticipated starting salary range for individuals expressing interest in this position is $100,000 - $130,000 annually. This position is eligible to participate in an annual incentive program. Actual compensation offers to a candidate may vary based upon geographic location, work experience, education and/or skill levels.

Benefits available to eligible employees include the following:

  • Medical, dental, and vision
  • Tax-advantaged health care accounts
  • Financial and income protection benefits
  • Paid time off (PTO) and wellness time off

TTEC is proud to be an equal opportunity employer where all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. TTEC embraces and is committed to building a diverse and inclusive workforce that respects and empowers the culture and perspectives within our global teams. We strive to reflect the communities we serve by not only delivering amazing service and technology, but also humanity. We make it a point to make sure all our employees feel valued and comfortable being their authentic selves at work. As a global company, we know diversity is our strength. It enables us to view projects and ideas from different vantage points and allows every individual to bring value to the table in their own unique way.

Notice to external Recruiters and Recruitment Agencies: TTEC does not accept unsolicited headhunter and agency resumes. Headhunters and recruitment agencies may not submit resumes/CVs through this web site or directly to any employee. TTEC, and any of our subsidiaries, will not pay fees to any third-party agency or company that does not have a signed agreement with TTEC.
