We are seeking a Senior Information Security Controls Analyst to join our Specialized Advisory Services (SAS) team in our Minneapolis office. The Senior Information Security Controls Analyst is responsible for providing information security consulting to clients, and supports other groups within the firm. S/he is responsible for recommending improvements in the IT control environment to improve an organization's overall security posture.
Controls Assessments: IT risk assessments, IT general controls reviews, and various compliance assessments. Reviews tactics, processes and controls implemented to protect organization from threats. Interprets findings to determine if controls are in place and operating effectively to sufficiently protect an organization. Identifies policies and procedures that are supporting control objectives. Recommends multi-layered approach to build a defense in depth by improving controls, defining compensating controls and determining an acceptable level of risk.
SSAE 16/SOC Reporting: Understands SSAE 16/SOC report standards and makes recommendations on most effective report. S/he helps to identify the needs of report users, assess the design of controls, remediates the control gaps.
Incident Response/Business Continuity& Disaster Recovery Planning: Evaluates response procedures to identify, assess, and properly address threats and/or recover from an incident. Reviews procedures for disaster response, recovery, and restoration, and recommends enhancements. Structures tests and exercises to prepare recovery teams.
Technical Knowledge: Knowledge of IT security concepts, best practices, and procedures. Knowledge of Windows, Unix/Linux, or Novell operating systems. Knowledge of network infrastructure hardware and software. Knowledge of IT control requirements associated with FFIEC, GLBA, Sarbanes-Oxley, HIPAA, and, PCI. Knowledge of security audit techniques, processes, and services. Professional experience with consulting and/or operations of Financial Institutions is a plus.
Performs consulting activities that include conducting interviews, control evaluation, effectiveness testing, reviewing documents, performing a variety of analysis, and preparing client deliverables such as findings and recommendations, and reports
Performs technical research to solve issues that arise during the course of various engagements
Leads teams of control analysts, providing guidance and knowledge to associate level team members. Participates in the management of client engagements.
Ability to deliver a high level of client service through positive interactions
The ability to travel approximately 40%. Please keep in mind that travel requirements are based on your current client base; therefore, this percentage could increase or decrease and vary year to year.
CliftonLarsonAllen LLP (CLA) is a professional services firm delivering integrated wealth advisory, outsourcing and public accounting capabilities to help enhance our clients’ enterprise value and assist them in growing and managing their related personal assets – all the way from startup to succession and beyond. Our professionals are immersed in the industries they serve and have specialized kn...owledge of their operating and regulatory environments. With over 4,400 people, 100 US locations and a global affiliation, we bring a wide array of solutions to help clients in all markets, foreign and domestic. Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.
We are deeply invested in the success of our professionals and provide innovative career-building opportunities. At CLA, we aim to positively impact the clients we serve, the people we employ, the profession we represent and the communities we call home.
CLA is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, disability status, protected veteran status, national origin, or any other characteristic protected by law.