IT Security Compliance Administrator - (Remote in Pittsburgh)
About the position

Responsibilities
• Serve as an Information Security Consultant to all departments.
• Provide guidance on the confidentiality, integrity, and availability of data.
• Assist other IT functions in identifying, implementing, and maintaining information policies and procedures.
• Respond to client RFPs, RFIs, RAQs, and security audits regarding compliance with client security policies and procedures.
• Provide periodic reports to appropriate personnel, including metrics using various tools.
• Monitor compliance with information security policies and procedures, referring issues to the appropriate department manager.
• Collaborate with various IT teams to understand the requirements for current and new systems such as intrusion detection systems, application security systems, authentication systems, identity management, and access control.
• Lead efforts to provide baseline, periodic, and ongoing information security risk and vulnerability management and penetration testing.
• Monitor policy compliance activities within the IT Department.
• Participate in the development, implementation, and ongoing compliance monitoring of client or business relationships to address data privacy and security concerns, requirements, and responsibilities.
• Maintain current knowledge of applicable data privacy laws (e.g., GDPR, CCPA, etc.) and accreditation standards, and monitor advancements in information technologies to ensure adoption and compliance.
• Manage and perform information security incident response processes and coordinate forensic investigation activities.
• Assess security risk factors in protecting organizational assets and data.
• Identify plans of action to mitigate and address risks.
• Understand administrative, technical, and physical control mechanisms and their role as compensating controls.
• Develop and maintain professional relationships with end users to ensure consistent service delivery, clear communication, and effective support for security initiatives.
• Engage with personnel at all levels of the organization to provide security guidance, address concerns, and promote adherence to policies and best practices.
• Serve on special teams, work groups, project teams, or escalation teams related to various firmwide IT initiatives, including specific one-time events (e.g., research, testing, rollouts, upgrades, installations, and acquisitions/mergers) or ongoing activities.
• Perform all other duties as assigned.

Requirements
• Bachelor's degree in computer science, Information Security, Business or Engineering; or equivalent work experience is required.
• CISA and/or CISSP certification preferred.
• Minimum of three to five years of experience in information systems, including project management experience.
• Extensive understanding of contemporary hardware and software architectures.
• Proven track record in developing security policies and procedures.
• Experience in implementing awareness programs and participating in IT audits.
• Background in applying advanced IT Security concepts.
• Understanding of the legal industry or professional services is preferred but not required.

Nice-to-haves
• Cross-function Communication: Ability to communicate security-related concepts effectively to both technical and non-technical staff.
• Collaboration and Teamwork: Skilled in working across departments and with cross-functional teams to support security initiatives.
• Auditing and Risk Mitigation: Proficiency in conducting audits, collecting and analyzing evidence, and implementing risk mitigation strategies.
• Metric Reporting: Ability to track, analyze, and present periodic security metrics to stakeholders for decision-making.
• Security Policy & Best Practices Implementation: Ability to develop, articulate, interpret, and implement security policies, guidance, and best practices across teams to ensure compliance and operational effectiveness.
• Information Systems Management: Proficiency in managing information systems, understanding system terminology, concepts, and best practices.
• Regulatory Compliance Application: Ability to interpret, apply, and ensure adherence to industry program policies, procedures, regulations, and laws in security compliance processes.
• Data Analysis and Evaluation: Skill in collecting, analyzing, and interpreting complex data to evaluate security risks and system performance.
• Audit Planning and Project Management: Expertise in planning and managing information security audits and security-related projects.
• Independent Work and Judgement: Strong decision-making skills, with the ability to exercise independent judgment and discretion in security operations.
• Problem Resolution and Negotiation: Skilled in negotiating issues and effectively resolving problems.
• Technical Proficiency: Proficiency in Microsoft Office Suite and security/compliance tracking tools to document and manage security initiatives.

Benefits
• 401k Plan
• Medical Health Savings Account
• Virtual Health
• Dental
• Vision
• Accident Insurance
• Hospital Indemnity
• Critical Illness Insurance
• Life Insurance
• Short-Term Disability
• Long-Term Disability
• Flexible Spending Accounts
• Lyra Health Employee Assistance Program (EAP)
• Paid Family Leave (for eligible Exempt and Non-Exempt Staff)
• College Savings Plan
• Transportation Benefit
• Back-up Child Care
• College Coach
• Pet Insurance
• Paid Sick Time
• Paid Time Off