IT Security Compliance Administrator - (Remote in Pittsburgh)

About the position Responsibilities • Serve as an Information Security Consultant to all departments. • Provide guidance on the confidentiality, integrity, and availability of data. • Assist other IT functions in identifying, implementing, and maintaining information policies and procedures. • Respond to client RFPs, RFIs, RAQs, and security audits regarding compliance with client security policies and procedures. • Provide periodic reports to appropriate personnel, including metrics using various tools. • Monitor compliance with information security policies and procedures, referring issues to the appropriate department manager. • Collaborate with various IT teams to understand the requirements for current and new systems such as intrusion detection systems, application security systems, authentication systems, identity management, and access control. • Lead efforts to provide baseline, periodic, and ongoing information security risk and vulnerability management and penetration testing. • Monitor policy compliance activities within the IT Department. • Participate in the development, implementation, and ongoing compliance monitoring of client or business relationships to address data privacy and security concerns, requirements, and responsibilities. • Maintain current knowledge of applicable data privacy laws (e.g., GDPR, CCPA, etc.) and accreditation standards, and monitor advancements in information technologies to ensure adoption and compliance. • Manage and perform information security incident response processes and coordinate forensic investigation activities. • Assess security risk factors in protecting organizational assets and data. • Identify plans of action to mitigate and address risks. • Understand administrative, technical, and physical control mechanisms and their role as compensating controls. • Develop and maintain professional relationships with end users to ensure consistent service delivery, clear communication, and effective support for security initiatives. • Engage with personnel at all levels of the organization to provide security guidance, address concerns, and promote adherence to policies and best practices. • Serve on special teams, work groups, project teams, or escalation teams related to various firmwide IT initiatives, including specific one-time events (e.g., research, testing, rollouts, upgrades, installations, and acquisitions/mergers) or ongoing activities. • Perform all other duties as assigned. Requirements • Bachelor's degree in computer science, Information Security, Business or Engineering; or equivalent work experience is required. • CISA and/or CISSP certification preferred. • Minimum of three to five years of experience in information systems, including project management experience. • Extensive understanding of contemporary hardware and software architectures. • Proven track record in developing security policies and procedures. • Experience in implementing awareness programs and participating in IT audits. • Background in applying advanced IT Security concepts. • Understanding of the legal industry or professional services is preferred but not required. Nice-to-haves • Cross-function Communication: Ability to communicate security-related concepts effectively to both technical and non-technical staff. • Collaboration and Teamwork: Skilled in working across departments and with cross-functional teams to support security initiatives. • Auditing and Risk Mitigation: Proficiency in conducting audits, collecting and analyzing evidence, and implementing risk mitigation strategies. • Metric Reporting: Ability to track, analyze, and present periodic security metrics to stakeholders for decision-making. • Security Policy & Best Practices Implementation: Ability to develop, articulate, interpret, and implement security policies, guidance, and best practices across teams to ensure compliance and operational effectiveness. • Information Systems Management: Proficiency in managing information systems, understanding system terminology, concepts, and best practices. • Regulatory Compliance Application: Ability to interpret, apply, and ensure adherence to industry program policies, procedures, regulations, and laws in security compliance processes. • Data Analysis and Evaluation: Skill in collecting, analyzing, and interpreting complex data to evaluate security risks and system performance. • Audit Planning and Project Management: Expertise in planning and managing information security audits and security-related projects. • Independent Work and Judgement: Strong decision-making skills, with the ability to exercise independent judgment and discretion in security operations. • Problem Resolution and Negotiation: Skilled in negotiating issues and effectively resolving problems. • Technical Proficiency: Proficiency in Microsoft Office Suite and security/compliance tracking tools to document and manage security initiatives. Benefits • 401k Plan • Medical Health Savings Account • Virtual Health • Dental • Vision • Accident Insurance • Hospital Indemnity • Critical Illness Insurance • Life Insurance • Short-Term Disability • Long-Term Disability • Flexible Spending Accounts • Lyra Health Employee Assistance Program (EAP) • Paid Family Leave (for eligible Exempt and Non-Exempt Staff) • College Savings Plan • Transportation Benefit • Back-up Child Care • College Coach • Pet Insurance • Paid Sick Time • Paid Time Off Apply tot his job Apply tot his job