Want to be part of a company that is changing the game for some of the world’s most notable brands and disruptive companies? We thought so.
The InfoSec & Audit Senior Analyst will be based in San Antonio, TX and serve as the primary point of contact for all matters of information security, IT compliance and audit at the San Antonio, TX and Tijuana, Mexico sites. This position will directly contribute to the overall global enterprise security architecture and strategy around cloud-based applications, and will oversee operations fraud/risk management at the site and in Tijuana, MX. The Senior Analyst will regularly engage with client IT and security teams to address their specific campaign requirements, and will maintain oversight of all site security certifications.
At TaskUs we look for individuals who are constantly striving for excellence in both their personal and professional lives. Our rapid growth demands high performance, and we're proud to say that we have a talented and motivated team along for the ride. If you’re looking for a new challenge or just want to be a part of something historic, join us. Let’s change the way the world works.
Responsibilities (including, but not limited to):
- Facilitate the integration of security controls within entire corporate environment, especially cloud domains, in line with applicable requirements from PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001. These security certifications will all apply to the San Antonio site and thus the Senior Analyst must work with the PH security compliance team to actively track and maintain compliance status in advance of regular audits.
- Design and develop security architectures for on-premise, cloud and cloud/hybrid based systems. Possess a firm understanding of the offerings within both AWS and the major enterprise SaaS products in use. Based on business requirements, design and implement cloud-native architectures and designs that will allow those requirements to be met with a minimal degree of risk to TaskUs and with appropriate security controls present.
- Develops/evolves security standards in partnership with InfoSec Engineering, Infrastructure Services, and Application Development.
- Identifies, recommends, coordinates, and/or conducts informal/formal training sessions to deliver timely knowledge to IT support teams regarding technologies, processes or tools. Develops and executes strategies to increase cloud and data security knowledge throughout the enterprise, as well as developing and mentoring more-junior security analysts and IT engineers.
- Conduct operational risk & fraud reviews for all campaign operations in conjunction with the Fraud Prevention and Audit team based in PH.
- Protect the company from internal data theft, financial loss due to a breach or an external attack on its information systems.
- Collaborate with management to form and execute technology strategies, and provide technical expertise and recommendations for InfoSec projects and major IT initiatives.
- Execute complex security upgrades, certifications, and compliance initiatives.
- Identify opportunities for automation, cost savings, and service quality improvement.
- Maintain awareness of trends in state-of-the-art technologies in the information security industry.
- Perform research of third-party technologies, tools, and applications that are introduced during the evaluation/procurement process.
- Strengthen client relationships by coordinating security solutions and functions to address complex business problems that strengthen TaskUs’ position with clients.
- Maintain an organization-wide view of current and future IT security architectures in support of company goals and objectives.
- Strong interpersonal and communication skills; ability to partner with other leaders across the business to identify opportunities and risks and develop and deliver solutions that support business strategies and protect TaskUs’ intellectual property globally.
- Expertise – Collaborate with IT Managers, Operations Managers, and InfoSec teams, to architect and design on-premise and cloud security solutions. Knowledge of cloud security services within AWS and SaaS platforms.
- Delivery – Complete campaign IT and Ops risk assessments across the various stages of implementation, reinforce the use of security solutions and systems hardening to mitigate identified risks to sensitive data and to enforce control over cloud applications.
- Security Technology Strategy - Work with engineering, service and business teams to create technology roadmaps in support of the secure implementation of client IT requirements.
- Execution - Support site IT in the management and implementation of security technology solutions, serving as a liaison to the InfoSec teams working from PH.
- Bachelor’s degree in MIS/Computer Science or Business and/or a combination of education and relevant experience.
- A minimum of 5-7 years IT experience; at least three of those years focused on IT security and/or IT audit.
- An industry recognized information security or audit certification, such as CIA, CISA, CISM, CISSP, or CEH.
- In-depth and hands-on experience with at least 2 of the following compliance requirements: PCI DSS, SOC 2, HIPAA/HITRUST and ISO 27001.
- Proficiency with, or the ability to quickly learn, McAfee endpoint security suite (AV, DLP, FDE) and Carbon Black Protect application whitelisting products.
- Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes including secure software development, application security, data protection, cryptography, key management, identity and access management (IAM), and network security within SaaS, IaaS, PaaS, and on-premise environments.
- Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (SAML, OAuth, OpenID, etc).
- Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
- Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
- Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.
- Sound technical writing, documentation, and communication skills are required.
- Strong understanding of enterprise, network, system and application level security issues.
- Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks.
- Understanding of the system hardening processes, tools, guidelines and benchmarks.
- Possess good project management skills with the ability to self-start projects.
- Ability to handle sensitive and/or confidential material and information with suitable discretion.
- Excellent interpersonal skills and a professional demeanor.
- Standing and sitting for sustained periods of time, at least 50%.
- Ability to travel up to 15% of the time.
- Close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.
TaskUs provides next generation customer experience that powers the world’s most disruptive companies through the partnership of amazing people and innovative technology.
We provide Ridiculously Good strategy, business process optimization, revolutionary technology and the best talent to deliver transformational, digital scale.
Our people are at the heart of everything we do. We embrace a culture that fosters a best-in-class employee experience. It’s no wonder we have been named as one of the “Best Places to Work” by the LA Business Journal.
TaskUs has been recognized on the Inc. “5,000 Fastest Growing Private Companies in America” list the past five years. TaskUs is headquartered in Santa Monica, California, with operations across the United States, Latin America and the Philippines.
TaskUs, Inc. is an equal opportunity employer.
TaskUs provides next generation customer experience that powers the world's most disruptive companies through the partnership of amazing people and innovative technology. We provide Ridiculously Good strategy, business process optimization, revolutionary technology and the best talent to deliver [...]