Information Security & Compliance Analyst Cover Letter

I am excited to be applying for the position of information security & compliance analyst. Please accept this letter and the attached resume as my interest in this position.

In the previous role, I was responsible for cloud technology security expertise by defining and influencing appropriate policies, technologies, processes and controls to reduce risk.

Please consider my qualifications and experience:

• Security experience and working in multicultural environments
• Auditing or compliance experience preferred
• The following security certifications preferred, Certified Information System Auditor (CISA), Certified Risk Information Security Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Management (CISM) or, Certified in the Governance of Enterprise IT (CGEIT)
• Respond to alerts from information security tools
• Report, investigate and resolve security incidents
• Educate and communicate security requirements and procedures to all users and new employees
• Research security trends, new methods, and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach
• May oversee internal or external systems security

Please consider me for the information security & compliance analyst opportunity. I am including my resume that lists my qualifications and experience.

Previously, I was responsible for strategic and tactical security control recommendations, operational security blueprints and roadmaps, reference architectures for security patterns, and general security technology / application assessments.

Please consider my experience and qualifications for this position:

• Understanding and knowledge of information security compliance best practices, with a particular focus on the authentication and authorization domain
• Demonstrated experience developing executive-level communications, presentations and briefs – including strong writing and editing skills
• Demonstrated experience with in-person and online training delivery
• Previous experience in research, higher academic institution, with working with faculty, staff, student body on cybersecurity issues
• Knowledge of information security regulations, including the HIPAA Security Rule, FISMA and 201 CMR 17.00
• Knowledge and experience with research-related regulations, IRB-practices, and other aspects of the research enterprise is preferred
• Knowledge of information systems technologies, products, services, and demonstrated eagerness to learn new technologies
• Demonstrated interpersonal, communication and project management skills with a professional demeanor

Please consider me for the information security & compliance analyst opportunity. I am including my resume that lists my qualifications and experience.

In the previous role, I was responsible for oversight and accountability of the day-to-day security operations and/or other administrative areas to include but not limited to: develop and maintain the Security Administration function of maintaining security access to corporate communication and computing systems; implementing and carrying out Information Security policies; review and lead all application projects impacting Information Security; ensure IT and business areas follows established information security policies and procedures; and ensure all information security personnel receive the required technical and security training.

I reviewed the requirements of the job opening and I believe my candidacy is an excellent fit for this position. Some of the key requirements that I have extensive experience with include:

• Knowledge of PCI-DSS with prior work experience in a PCI-compliant environment strongly preferred
• Prior experience in auditing and risk management, contract and vendor negotiations
• CIPP, CISSP, CISM, CISA, CRISC, or other similar professional designations are a pl
• Organizational astuteness
• Confidence and high integrity
• Understanding of information security and privacy concepts and practices (HIPAA, PCI, PII, NIST, ITIL )
• Conflict/dispute resolution skills
• Demonstrated experience consistent with ISO 27000

I submit this application to express my sincere interest in the information security & compliance analyst position.

Previously, I was responsible for oversight and accountability of the day-to-day security operations and/or other administrative areas to include but not limited to: develop and maintain the Security Administration function of maintaining security access to corporate communication and computing systems; implementing and enforcing Information Security policies; review and oversee all application projects impacting Information Security; ensure IT and R&D follows established information security policies and procedures; and ensure all information security personnel receive the required technical and security training.

Please consider my experience and qualifications for this position:

• Specific experience in Incident Management and Data Loss Prevention is preferred
• Experience using MS Access and Visio is preferred
• Experience in implementing a risk management program which defines risk assessment and remediation requirements, in conducting information security risk assessments which map to ISO/IEC 27000, NIST, BITs, , and in defining and implementing SDLC security requirements
• Demonstrative knowledge of information security standards such as ISO/IEC 27000, NIST, FISMA, PCI
• Knowledge of security policies, regulations, compliance issues, processes and standards ( ISO, ITIL, COBIT, PCI, NIST, SSAE-16/18 standards)
• Strong understanding of internal audit and security compliance functions, with a general understanding of PCI, HIPAA, and SOX
• Familiarity with retail industry, ecommerce, IT, and software development concepts
• Experience working in a team-oriented, fluid, and collaborative environment

I am excited to be applying for the position of information security & compliance analyst. Please accept this letter and the attached resume as my interest in this position.

In the previous role, I was responsible for regular, timely reporting on the information security status across Technology Solution teams and, provide regular metrics and reporting to the Director of Information Security with a focus on continuous improvement.

Please consider my qualifications and experience:

• Working knowledge of Information Security concepts such as risk management, control gap assessments, threat modeling, security automation, cloud security, security architecture, and incident response
• Familiarity with common technical security controls and control frameworks such as ISO 27001/2, SOX, HIPAA/HITECH, GLBA, GDPR, AICPA SOC2, NIST 800-53, and FedRAMP
• Proficient with using Microsoft Word, Excel, PowerPoint, and Visio tools to deliver work documents
• CISA, CISM, CISSP, GIAC Certifications or equivalent experience
• Perform current state risk assessments, continual risk assessments, gap analysis, risk metrics and reporting, risk convergence IT risk and control framework design, and integrated operational risk management
• Maintain and monitor Information Security Risk Exception process to ensure identification of areas of high risk
• Monitor and advise on information security issues related to the systems and workflow to ensure the internal security controls for the campus are appropriate and operating as intended
• Provides coordination and support for execution of IT security projects