Security Compliance Analyst

Location :Plano, TX

Ericsson Inc. does not sponsor US work authorizations for this job position including H-1B, O-1, L-1 and TN. Ericsson also does not hire F-1's working on EAD for this position.

About this opportunity:

This position will be within the Security Compliance team with a primary objective to identify security control gaps as well as vulnerabilities. Professionals with their wide domain experience would be expected to ensure that the Managed Services delivery unit adheres to the security compliance requirements as per the customer's security policy and any applicable regulatory requirements. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured.

• Evaluate and assess IT architectures to ensure security and efficiency
• Develop, mature, and maintain the organizational information security program in alignment with corporate, regulatory, and compliance requirements
• Contribute to the development, maintenance, and improvement of information security policies, procedures, and baseline standards
• Collaborate with cross-functional technology teams to drive security adoption and best practices
• Perform project- and solution-based risk assessments for newly adopted technologies, identifying potential privacy and security risks
• Possess a solid understanding of threat and vulnerability management
• Demonstrate knowledge of enterprise identity management, access control systems, and related tools
• Understand and apply cybersecurity and legal regulatory requirements for audit purposes
• Maintain working knowledge of IT, risk, audit, security, and privacy practices, tools, processes, and requirements
• Identify weaknesses in cloud strategies, implementations, and controls
• Conduct third-party vendor security risk assessments for both new and existing vendors to evaluate compliance with the organization's security standards
• Lead internal and external audits related to PCI, SOC 2, and HIPAA
• Facilitate and lead meetings to resolve security-related issues

• Bachelor or Masters degree in Information Technology or Computer Science
• 4 plus years of experience in IT
• 2 years experience in Security Governance, Risk and Compliance (GRC)
• ISO 27001 Lead Implementer, CISA, ITIL, CISSP, and CISM certifications will be an advantage
• Outstanding interpersonal and communications skills, both written and verbal
• Ability to work constructively under pressure
• Ability to work both in a team as well as individually
• Knowledge sharing & collaboration skills
• Customer oriented, Service minded
• Deliver results & meet customer expectations
• Ability to communicate effectively with technical and non-technical audiences
• Experience with internal and external audits (SOC2, PCI, HIPAA): preparation, evidence gathering, and execution
• Good understanding of a Risk Management Framework (RMF) and associated security controls, as well as all aspects of cybersecurity governance
• Proficient in Microsoft Office applications (e.g., Word, PowerPoint, Excel, Access, and Outlook) and Google Workspace applications (e.g. docs, sheets, slides, etc)
• Experience with Windows and Linux administration and hardening
• Conceptual understanding of Cloud and security risk mitigation techniques
• Firm understanding of CI/CD pipelines and DevSecOps principles
• Base understanding of network devices and firewalls
• Strong attention to detail with an analytical mind and outstanding problem-solving skills
• Ability to identify security gaps and either make or assist with identifying appropriate solutions
• Experience working within an Agile work environment
• Ability to manage multiple projects