Information Security Analyst

HMH is a learning technology company committed to delivering connected solutions that engage learners, empower educators and improve student outcomes. As a leading provider of K–12 core curriculum, supplemental and intervention solutions, and professional learning services, HMH partners with educators and school districts to uncover solutions that unlock students’ potential and extend teachers’ capabilities.

HMH serves more than 50 million students and 4 million educators in 150 countries. HMH Technology India Pvt. Ltd. is our technology and innovation arm in India focused on developing novel products and solutions using cutting-edge technology to better serve our clients globally. HMH aims to help employees grow as people, and not just as professionals. For more information, visit www.hmhco.com

What you’ll do:

This position is for a Governance, Risk & Compliance Analyst (GRC). This role will work to identify risk and ensure compliance with HMH policies, industry standards, relevant laws and regulations, and industry best practices. This position may also assist in maintaining and developing appropriate policies, procedures, and documentation to maintain compliance with local, state, and federal laws. Reviews and evaluates compliance issues and concerns within the organization.

What you will do (but not limited to)

• Ensure ongoing compliance with HMH’s policies and procedures for information security.
• Design and/or conduct security risk assessments.
• Maintain the controls matrix in alignment with multiple compliance frameworks and standards.
• Prepare compliance reports and status reports, identify issues, and report to senior management.
• Support key business initiatives by identifying security and compliance related risks.
• Collaborate with IT, cybersecurity, and business teams to supervise and resolve identified risks and vulnerabilities.
• Assist with various internal and external audits, and their responses and remediation efforts.
• Ensuring internal compliance (including IT, vulnerability scans, annual training, etc.) are executed in a timely manner.
• Understand impact of vendor assessments and assist with the HMH’s vendor management program.
• Communicate to senior management, through reports, presentations, metrics and other documentation, any cyber-security risks identified.
• Attend and draft minutes of the HMH’s IMS Steering Committee.
• Performs related duties as assigned by supervisor.

Education/Experience:

• IT Compliance and third party, technology, and project risk assessment experience.
• Experience with Governance, Risk, and Compliance tools
• BA or BS degree in Computer Science, Information Technology/Systems, or related degree preferred, or equivalent experience
• 1-3 years of experience in Compliance or Risk Management
• 3-6 years of experience in an Information Technology Audit/Information Security
• CISSP, CISA, or equivalent experience

Knowledge:

• Requires a good understanding of IT security concepts with an emphasis on Governance, Risk & Compliance (GRC).
• Requires good knowledge of IT and computer systems
• Requires good understanding of internal and external audit process
• Requires in-depth understanding of Public Key Infrastructure (PKI), encryption, network security controls tools and functionalities
• Requires an understanding of Payment Card Industry - Data Security Standard (PCI-DSS), and proficiency in applying Health Information Portability and Accountability Act (HIPAA) security rules and National Institute of Standards and Technology (NIST) standards
• Requires demonstrated proficiency in applying Identity Management (IDM) concepts

Skills and Abilities Required:

• Requires the ability to read, analyze and interpret information as it pertains to compliance-related functions and regulations.
• Requires the ability to demonstrate a high level of interpersonal skills to conduct productive communication and to effectively present oral and written communications.
• Requires the ability to follow instruction and to work both independently and within a team environment.
• Requires the ability to demonstrate punctuality and good attendance.
• Requires the ability to define issues, collects data, establish facts, and draw valid conclusions.
• Proficient in computer programs, such as word processing and spreadsheet software programs.

HMH Technology Private Limited is an Equal Opportunity Employer and considers applicants for all positions without regard to race, colour, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. We are committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation. For more information, visit https://careers.hmhco.com/. Follow us on Twitter, Facebook, LinkedIn, and YouTube.