IT Security Governance Analyst

Overview

We are Altice USA; a family of businesses that includes Optimum, Suddenlink, Optimum Mobile, Optimum Business, A4 advertising, Cheddar, and News12. Our common goal is connecting our customers to friends and family, shows they love, advertising that resonates and news that matters. We’re building a workforce that thrives on collaboration, inclusion, and innovation. We hope connecting you to a potential role is just the beginning.

Responsibilities

Work as a contributing member of the Information Security and Compliance team by performing daily activities to ensure internal controls, standards, policies, and standards are in place, up to date, and adhered to infrastructure and information assets. IT Security Governance activities include developing and maintaining the information security program based on the security framework, updating security policies, standards, and controls, overseeing the information security risk management program, process and lifecycle and the leading the security awareness program for continuous security education.

This essential role provides a proactive review and design of security controls and processes to minimize overall security risks. The security analyst assists in the planning, execution and testing of management’s security controls and recommends improvements and methods for minimizing exposure to security threats. This position works with Compliance, Internal Audit, and various Technical teams to manage risk and improve the company‘s overall security posture. The various compliance disciplines include but are not limited to IT General Computer Controls (GCC), Sarbanes-Oxley (SOX), Payment Card Industry (PCI), and Altice’s National Security Agreement (NSA) with the Department of Justice.

Responsibilities

• Develops and maintains the Written Information Security Program (WISP) for the company and the Security and Compliance Policy, Procedure and Standard documentation. Ensures annual validation is conducted as well as on-going updates with publication and communication.
• Software application administration of current and future tools for use in IT Security Governance and Compliance. Develops and tests application configuration updates in the development environment before migration to production for use by the IT Security Governance and Compliance community of users. Act as subject matter expert for this function and assess and evaluate new and/or existing tools.
• Develops and maintains user documentation and instructions for all IT Security Governance and Compliance tools. Conduct training of new/existing users on all supported tools. Maintain application and support the end users to ensure a continual and efficient operation.
• Ensure active Risk Items are actioned and closed in a timely manner. Support the creation of the Security Improvement Plans. Conduct annual and on-going risk assessment for company systems for action and remediation by appropriate groups.
• Produce necessary cybersecurity reporting for the Compliance Committee and key stakeholders. This includes but is not limited to vulnerabilities, risks, security incidents, social engineering and security awareness results.
• Review Security Awareness training material for accuracy and updates.
• Provide KPIs and metrics for Security Incidents, Risks, Vulnerabilities, and other indicators of success to be reported monthly, quarterly, and annually
• Maintain IT System, Network, and Application Narratives for compliance auditing and review
• Review and update inventory of application systems and interfaces as needed.
• Provide support to peers and business partners for compliance programs, and other external and internal audits.
• Maintain IT Security Governance and Compliance Process Documentation. Identify areas requiring additional review, based on knowledge of systems and general computing controls.
• Participate in process walkthroughs with Reviewers/Approvers in order to understand (or review) critical controls.
• Maintain thorough understanding of the company‘s business processes that are involved with IT Security Governance and Compliance reviews.
• Inform IT Security leadership of potential risks and recommend resolutions
• Work with compliance management and process owners to document risk mitigation.
• Acts as a liaison and IT Security Governance and Compliance expert. Serves as a source of information on the IT Security Governance and Compliance needs and regulatory environment.
• Participates in special projects and performs other duties as assigned.

Qualifications

• 2-4 years’ experience with IT Security Governance and Compliance, or related functions
• Bachelor’s Degree preferred.
• Solid understanding of security controls, application security, general computing controls.
• Experience directly related to the development, implementation and maintenance of Security and Compliance programs.
• An understanding of security risk frameworks, such as the NIST Cybersecurity Framework.
• Technical knowledge of information systems, networks, and applications.
• Ability to timely coordinate with Vendors and Business Units and adjust technical communication to audience.
• Proficient in MS office applications and collaboration tools.

Altice USA is an Equal Opportunity Employer committed to recruiting, hiring and promoting qualified people of all backgrounds regardless of gender, race, color, creed, national origin, religion, age, marital status, pregnancy, physical or mental disability, sexual orientation, gender identity, military or veteran status, or any other basis protected by federal, state, or local law.

Altice USA, Inc. collects personal information about its applicants for employment that may include personal identifiers, professional or employment related information, photos, education information and/or protected classifications under federal and state law. This information is collected for employment purposes, including identification, work authorization, FCRA-compliant background screening, human resource administration and compliance with federal, state and local law.

Requirements of this position include demonstration of either full vaccination status against COVID-19 or company-provided weekly COVID-19 testing.