Job Title

DRC is one of the largest educational assessment and curriculum/instruction companies in the industry. Information Security Compliance AnalystData Recognition Corporation-Maple Grove, MinnesotaCompany cannot provide sponsorship for this roleNo agencies, please Summary:This position is part of the Data Recognition Corporation (DRC) Information Security Team that has an important role in the defining and enabling the secure operation of the DRC environment. This position has responsibility for contributing to various risk and compliance activities, including internal and external security reviews that are key to validation of our security program. This position also assists with other aspects of the security practice, including maintaining DRC's security policies, standard and procedures; increasing the organizations security awareness; performing risk assessment and risk management activities; and promoting business continuity and resiliency efforts. This position can be fully remote, located on site in the Maple Grove headquarters building or hybrid.Responsibilities:This position will assist in a wide range of compliance and risk functions, with the focus being on maintaining and enhancing our security and compliance maturity. Responsibilities include:Complete customer and third-party compliance requests and security questionnairesPerform annual audits (third party and customer)ISO Audits for ISO 27001 and 27701FISMA AuditsSOC II Type 2Various customer auditsConduct internal audits (ISO and NIST) and following up on action itemsPolicy and standard development and reviewManage policy exception processesManage security awareness and phishing programAssist in security risk management program (third party and internal)Assist in Business Continuity/Disaster Recovery efforts and exercisesConduct Business Impact AnalysesUpdate and maintain security and compliance metricsEssential Qualifications2+ years of Information Security, GRC, or IT Compliance experienceInternal or External Audit or Compliance experienceKnowledge or experience in one or more of the following:ISO 27001, 27701NIST 800-53FISMASSAE/SOC IIPossesses a high level of personal integrity and the ability to discreetly handle sensitive, personal, and classified case information.Preferred QualificationsCollege degree or equivalent work experience.Local candidates preferred.Experience with Federal Information Security Management Act (FISMA) leveraging National Institute of Standards and Technology (NIST) security controls (NIST 800-53, rev 4/5).Security certification such as Certified Information Security Auditor (CISA) and/or Certified in Risk and Information Security Controls (CRISC)Experience supporting and participating in third party vendor security assessments and audits, reviewing audit findings as well as responses to security findings and remediation plans.Reporting to this position: No direct reportsThe Employer retains the right to change or assign other duties to this positionAll qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.Company cannot provide sponsorship for this positionPlease, no agenciesData Recognition Corporation is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.