You have a life. We like that about you.
At OCLC, we believe you'll do the best work of your life when you're living the best life possible.
We work hard to build the technology that connects thousands of today's libraries. But we also work hard to make a job at OCLC a meaningful part of a balanced life, not a substitute for one.
The Job Details are as follows:
Discover. Innovate. Collaborate. Inform. A few words we use to describe a career at OCLC.
Technology with a Purpose. OCLC supports thousands of libraries in making information more accessible and more useful to people around the world. OCLC provides shared technology services, original research and community programs that help libraries meet the ever-evolving needs of their users, institutions and communities. With office locations around the globe, OCLC employees are dedicated to offering premier services and software to help libraries cut costs while keeping pace with the demands of our information-driven society.
The Information Security Compliance Analyst position ensures Information Technology controls, processes and assessments are maintained to meet regulatory guidelines and company audits. This position is a critical component of IT controls and execution not only to ensure that requirements are met, but to drive continual improvement year over year based on lessons learned, best practices and audit recommendations.
- Perform IT and compliance related internal audits with the ability to identify control gaps and process weaknesses.
- Conduct interviews, review system documentation and complete internal audit control tests.
- Develop recommended action plans to resolve control gaps and mitigate risk.
- Work with external audit firms to coordinate audit activities and collect requested evidence.
- Perform third party risk assessments for new and existing vendors.
- Conduct security awareness employee education activities such as phishing campaigns, newsletters and training courses.
- Assist with reviews of internal policies and procedures to evaluate compliance with standards and regulations.
- Act as a trusted security advisor to IT and other departments.
- Administer various toolsets to conduct internal audits, risk assessments and security training activities.
- Experience with IT audits, third party risk management and employee security awareness education.
- Ability to work with IT and other departments to prioritize the remediation of vulnerabilities and audit findings.
- Organization and planning: Ability to understand and determine priorities, effectively manage time, and develop work plans to accomplish tasks and/or projects
- Judgment and decision making: Ability to apply general rules to specific problems to produce answers that make sense
- Innovation and creativity: Ability to generate and translate ideas and adapt to change
- Teamwork: Ability to effectively participate and contribute as a member of a work group; ability to lead or follow others as appropriate to most effectively accomplish the goal or task at hand
- Communication: Ability to clearly organize and effectively convey information in written and verbal formats
- Ability to work under pressure: Ability to work concurrently on multiple initiatives in various stages, while maintaining attention to detail and managing deadlines
- Minimum 3 years related experience in working with IT security in a large, complex global environment
- Advanced knowledge of key information security related standards or guidelines, i.e. ISO 2700x series, NIST 800-53, SOC 2 and/or FedRAMP
- Strong understanding of application, network, operating system, and core infrastructure security concepts
- Experience in assessing risks associated with vendor relationships
- A bachelor's degree in Computer Science or related discipline
- Industry relevant certifications, i.e. Security+, CISA, CISM, CISSP, or equivalent desired.
Equal Opportunity Employer–minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity