Sr. Information Security and Privacy Compliance Analyst (Remote)

Date: Jun 1, 2021

Location: remote, MA, US, remote

Company: EBSCO Industries Inc

EBSCO Information Services (EIS) provides a complete and optimized research solution comprised of e-journals, e-books, and research databases — all combined with the most powerful discovery service to support the information needs and maximize the research experience of our end-users. Headquartered in Ipswich, MA, EIS employs more than 3,300 people worldwide. We are the leader in our field due to our cutting-edge technology, forward-thinking philosophy, and top-notch workforce. EIS, a division of EBSCO Industries Inc., based in Birmingham, AL, is ranked in the top 200 of the nation’s largest, privately held corporations according to Forbes magazine. EBSCO is a company that will motivate you, inspire you, and allow you to grow. We are looking for the best. If you are too, we encourage you to explore our unique opportunities.

Job Description  

Located north of Boston, EBSCO Information Services (EIS) is widely recognized as the leader in providing innovative digital content delivery and the application of technology to transform the digital learning environment. EIS is searching for an Information Security and Privacy Compliance Analyst responsible for ensuring compliance with external customer and regulatory requirements. Primary duties involve developing Information Security Policies, Standards, Procedures, and Guidelines; providing remediation plans and mitigating controls; reviewing Customer contracts, RFPs, and other documentation; performing InfoSec risk assessments; and supporting internal and external audits.

 

This role will be expected to assist in the development, implementation and compliance of EBSCO's information security and privacy risk management program. The successful candidate should be able to thrive working independently and in a collaborative environment.  Strong written communication skills are a must. This is a tremendous opportunity to contribute to securing our public/private cloud environment for the future.  Experience with AWS is desired, but the right candidate will have an opportunity to learn and grow using the latest cloud technologies. 

 

Primary Responsibilities 

  • Assist in the management of ISO27001 Information Security Management System policies, standards and procedures.  This includes performing risk assessments, internal audits and facilitating external audit activities. 

  • Revamp EIS' Vendor Risk Management program 

  • Work with stakeholders to develop and implement security and privacy controls consistent with established policies and regulatory environments. 

  • Identify evolving InfoSec/Privacy/Data Protection requirements and risks inherent in the Company’s current operations and in the development of new products and services. 

  • Review implementation of company-wide privacy and data protection processes and procedures 

  • Review Customer contracts, RFPs, Renewals, and associated documentation for security/privacy requirements and collaborate with EBSCO Legal regarding contractual obligations 

  • Map control requirements across information security and privacy frameworks to identify overlapping requirements and compliance efficiencies 

  • Conduct audit reviews and information security risk assessments as needed 

  • Maintain a current working knowledge of applicable privacy laws, and monitor advancements in information privacy and security technologies including best practices to ensure adaptation and compliance 

  • Communicate with Internal stakeholders on information security and privacy regulations as well as help review and advise on regular reviews and updates to IT policies and procedures 

  • Update and participate in regular exercises for Incident Response.

Role Based Competencies: 

  • Ability to communicate effectively with Legal, Sales, developers, technical leaders, project managers and executives. 

  • Experience working in Agile organizations is preferred - especially Scaled Agile Framework for enterprise (SAFe)  

  • Strong technical writing skills; demonstrated ability to develop policies and procedures consistent with management frameworks. 

 

Required Qualifications 

  • Bachelor's Degree in technical or business discipline or equivalent experience  

  • 4-7 years of experience in information security governance, risk and compliance 

 

Preferred Qualifications 

  • Security Governance Certifications preferred (CISSP, CISM, CISA, CGEIT, CRISC) 

  • Privacy Certification (IAPP) is a plus (CIPP, CIPM, CIPT) 

  • Strong understanding of the Agile Development Framework 

  • Experience in Health Insurance Portability and Accountability Act (HIPAA), Children's Online Privacy Protection Act (COPPA), General Data Protection Regulation (GDPR), Family Educational Rights and Privacy Act (FERPA), FedRAMP, ISO 27001, ISO 27701, and CCPA is also desired 

EBSCO Industries, Inc. is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. EBSCO strictly prohibits and does not tolerate discrimination against employees, applicants, or any other covered persons because of race, color, sex (including pregnancy), age, national origin or ancestry, ethnicity, religion, creed, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and termination of employment.

EBSCO complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law.
