Responsibilities
The Information Technology Security Compliance Analyst is a technical and analytical position within Meritage Homes’ IT Security Team focused primarily on issues in Governance, Risk & Compliance (GRC), which include risk management, vendor management, compliance management, security awareness, and risk & vulnerability assessments. A successful applicant will be technical in nature with a high aptitude for both written and verbal communication, with the ability to influence peers across all management levels to support security objectives.
The Security Compliance Analyst position will provide timely and quality service to ensure policy, standards, and configurations are adequately maintained, communicated, and compliant with internal and external policies or regulations. This position is responsible for managing, developing, maintaining, and communicating company security policies, standards, and configurations in accordance with industry standards and best practices.
The Security Compliance Analyst is expected to have experience and knowledge of industry tools to perform their functions, including but not limited to GRC systems, vulnerability and patch management, vendor risk management applications, and IT Service Management systems. Additionally, the Security Compliance Analyst is expected to have experience with security and risk frameworks.
Responsibilities and Duties
- Develop dashboards, KPIs, and KRIs to measure the effectiveness of technology risk mitigation using Power BI
- Lead the development, update, and compliance of corporate information security policies, guidelines, and standards.
- Primary subject matter expert on GRC Application
- Assist/participate/lead in formal risk assessment processes for all departmental and enterprise systems and work closely with system owners to align risks identified with established risk tolerances, and create action plans for remediation.
- In conjunction with internal and external audit partners, provide governance for the identification, audit, validation, and remediation of information technology controls required for SOX, PII, NIST Security Control Framework, and any other applicable regulatory compliance frameworks.
- Facilitate the coordination, tracking, and automation of all IT and security audits.
- Monitor the health of ongoing technical and non-technical controls.
- Respond to real-time breaches in IT Security Compliance
- Establish custom detections or leverage native detections using security tools for compliance deviations.
- Conduct and track information security assessments of third-party vendors to determine their ability to protect data.
- Work with stakeholders to coordinate mitigation efforts on issues identified during vendor due diligence reviews.
- Participate in projects and assessments to establish risk determination and remediation.
- Develop and maintain an IT Security risk register
- Using industry best practices, use technology-based tools to validate that controls are in place as established.
- Work with technical teams proactively to ensure baseline configurations are kept current and configurations for new technologies are designed and built before integration into the company environment
- Develop a comprehensive information security awareness program and run year-round campaigns. Create communications on behalf of IT Security for awareness activities, initiatives, or other required security announcements.
- Maintain security and compliance metrics that are meaningful and actionable for all levels of management. Metrics should establish baselines, highlight progress, and drive behaviors.
- Coordinate with internal and external audit and compliance groups on the improvement of information technology controls
- Analyze, evaluate, prioritize, and process results from security penetration tests or assessments.
- Work with business, technical, and other stakeholders to drive Information Security projects with a risk-based service delivery view
- Anticipate, research, and understand industry and regulatory compliance trends, serving as an expert on Information Security GRC capabilities and best practices, including analysis and documentation of best practices
- Coordinate program elements in a fast-paced environment using iterative techniques
- Provide Level 3 support functions
Additional duties as assigned
Qualifications
- Bachelor’s degree in Computer Science, Information Systems, Information Security, or a related field and/or experience in lieu of degree.
- Industry-relevant certifications such as CISA, CISSP, CRISC, M365 Compliance (SC-400), Microsoft Cybersecurity Architect (SC-100), CCSP
- 3+ years’ experience in an Information Technology Security role, preferably in compliance, audit, and/or control roles.
- And 2+ years in an information technology engineering role, such as System Engineer, Cloud Engineer, or Network Engineer.
Essential
- Action-oriented mindset and drive to get things done
- Ability to prioritize and execute tasks with a self-motivated approach to work
- Strong understanding of security frameworks such as NIST CSF, CIS, ISO 27001, SOC 2 Type 2, and benchmarks such as CIS Benchmarks, STIG, and Microsoft Baselines.
- Experience with Microsoft 365 Compliance Tools such as Microsoft Purview, Information Protection, Data Loss Prevention, Retention, Insider Risk, and Privacy.
- Strong understanding of SOX, CCPA, and PCI compliance & controls
- Strong knowledge of ITIL and service management principles.
- Proficiency in Excel, Word, and PowerPoint required
- Strong written and verbal communication
- Strong problem-determination and resolution skills.
- Ability to develop and maintain collaborative relationships with peers and colleagues across the organization, as well as internal and external clients and with all levels of management
- Ability to influence peers to support the goals and objectives of the organization and the IT Security Team
Preferred
- Demonstrated experience with ServiceNow GRC, or other industry GRC systems.
- Strong understanding of OWASP Top 10 vulnerabilities and mitigations.
- Experience with security tools and systems, including M365 Defender suite, vulnerability management, network defenses, and related APIs
- Scripting language experience such as Python, PowerShell, or BASH is a plus.
- Security implementation project experience to include security automation, audit, vulnerability management, application security, etc.
- Experience conducting reviews of Secure SDLC/SecDevOps practices and Database Auditing preferred.
Overview
Are you looking for an incredible career opportunity? Then Meritage Homes is the place for you! From the homes we build to the careers we offer, we believe in quality. Meritage Homes is the ENERGY STAR® Partner of The Year in Sustained Excellence for being a leader in protecting the environment and advancing energy efficiency in homebuilding. We are looking for candidates who are excited about furthering their careers, as well as being a part of an organization that helps people live happier, healthier lives. With over 100,000 homes built, Meritage Homes is looking for professionals who are self-starters and want to help our organization grow by providing new and innovative ideas.
When joining Meritage Homes, you and your career can benefit in several ways, including:
- A work environment that encourages creativity and innovative ideas from every level
- An organization that lives by its core values every day
- Team atmosphere where every individual is considered a vital asset
- State of the art technology to provide an optimal working environment
- A competitive pay structure
- Strong benefits
- Flexibility in work-life integration
- Team-oriented environment where all individuals play an integral role in the company
- Opportunity to further your career in a growing national organization
- Maintain a competitive drive to be the best