FTI Consulting’s Corporate functions provide support to our client service professionals so they are able to meet and exceed the needs of our clients. Professionals within our Information Technology function are dedicated to working together and delivering world-class support across our global community.
The Enterprise Information Security and Privacy Division (EISP) is a part of the Global IT function at the Company’s Headquarters in the Washington DC metro area.
ABOUT THE OPPORTUNITY:
As the IT Security Compliance Analyst, you will play a key role within the Compliance Team of our Global Cybersecurity Department. Your work will be at the heart of what we do: ensuring the continuous improvement of our Information Security Management System and helping FTI protect valuable and sensitive data for our firm, employees, and clients. You will be primarily responsible for monitoring key security controls and procedures and executing assessments across multiple IT & Information Security functions. You will get to exercise your strategy muscles, recommending and assisting in the completion of process implementation & improvement efforts that will shape the future of information security for FTI.
• Perform monitoring of key security controls and procedures
• Plan and conduct security audits and assessments across multiple IT systems. Test controls for operating effectiveness and report preliminary findings
• Perform independent analysis of results of security assessments and testing to appropriately assess risks and provide appropriate recommendations for corrective actions
• Collaborate with various IT departments to identify root causes and assist in development of solutions
• Perform deep analysis of Access, Change Management, Vulnerability Management, and assist with 3rd party risk assessments
• Work with various control owners and assist in remediation and process improvement activities
• Act as a liaison between external auditors and internal process owners, and respond to external auditors’ requests
• Perform various internal and administrative duties (such as reporting and planning) to support the department and internal initiatives
Additionally, the preferred candidate will:
• Use excellent communications skills and consultative approach to identify opportunities for improvement.
• Actively participate in decision making with EISP management and seek to understand the broader impact of current decisions.
• Prepare detailed, neat and organized work papers, in accordance with EISP Security assessment standards, with sufficient evidence to support and document findings, conclusions and recommendations.
• Identify opportunities and provide actionable recommendations to enhance the security assessment process such as updating and adapting security assessment work programs and questionnaires. Assist in the selection and tailoring of security assessment and review approaches, methods and tools to support security assessment objectives, identified risks and business unit requirements.
• Assist and support special investigations and other Corporate Security assessment initiatives or special projects as requested.
• Minimum of 2 years’ experience in IT auditing or IT compliance assessments (Big4 or large auditing firms preferred); OR 1 year of experience in IT AND 1 year of experience in IT auditing or IT compliance assessments
• Undergraduate degree (4 year) in Management Information Systems, Information Technology, Computer Science or related field preferred; graduate degree a plus.
• Familiarity with IT control frameworks (i.e. COBIT, ISO27001, HITRUST, PCI DSS)
• Strong understanding of Information Security Concepts
• Strong audit background, i.e., the ability to perform third-party risk/compliance assessments (internal and vendors)
• Strong analytical skills and creative problem-solving abilities
• Advanced Excel skills. Experience in Data Analytics and SQL is a plus
• Relevant Professional designations:
  - CISA (or passed CISA exam) strongly preferred
  - Security+, CRISC, CISSP, CISM is a plus
• Strong IT background with a good working knowledge of a variety of current and emerging technologies
• Familiar with system development life cycle and project management principles
• Strong verbal, written and interpersonal communication skills along with the ability to work with others
• Strong intellectual curiosity and active in professional development
• Self-starter able to work independently yet seeks guidance from Managers as needed.
• Ability to travel up to 20% of the time.
FTI Consulting, Inc. is a global business advisory firm dedicated to helping organizations protect and enhance enterprise value in an increasingly complex legal, regulatory and economic environment. With more than 4,400 employees located in 26 countries, FTI Consulting professionals work closely with clients to anticipate, illuminate and overcome complex business challenges in areas such as investigations, litigation, mergers and acquisitions, regulatory issues, reputation management, strategic communications and restructuring. Our professionals are some of the most experienced leaders in their fields including: certified turnaround professionals, forensic accountants, corporate investigation specialists, intellectual property specialists, former political leaders, former chief executives, Nobel Laureate economists, banking and securities professionals, certified public accountants, e-discovery professionals, corporate, financial and crisis communications specialists, chartered financial analysts and industry experts. Since our founding in 1982, clients have turned to us for high-stakes issues that require specialized expertise. FTI Consulting was engaged to work on some of the biggest news stories of the last two decades including the Bernie Madoff investment securities scandal, the Stanford Financial Group investigation, the 2010 Gulf oil spill crisis, the Major League Baseball steroid investigation, and high-profile corporate restructurings including Lehman Brothers, General Motors and CIT, just to name a few.