Exciting career opportunities in the language access industry are waiting for you at LanguageLine Solutions. Whether you work in the corporate office, in one of our satellite offices, at our Interpreting Call Centers, or work from home, you can help make a difference in someone’s life every second of every day.
Job Description
JOB DESCRIPTION
Position Title: Technology Audit and Compliance Analyst
Reports To: Manager, Tech Audit & Comp
Department: Technology
Work Location: US (Remote)
Classification: Salary, Exempt
Responsibilities
Oversee programs, policies, and practices to ensure Language Line Solutions (LanguageLine Interpretation Services) complies with the Sarbanes-Oxley Act (SOX), SSAE16 SOC2, ISO27001, HITRUST, and customer audits related to the Information Services function.
Manage the development and testing of internal controls, reporting, and the identification of process deficiencies and improvements.
Responsible for security policy development, managing exceptions, promoting security awareness, conducting vendor risk assessments, monitoring cyber security, and addressing vulnerabilities related to CrowdStrike (EDR), Fortra, Qualys, and Kroll vulnerability and penetration testing results
Support LLS’ Quality Management System (QMS) to continually improve the Division’s processes, procedures, and services and thereby increase efficiency, productivity, effectiveness, and customer satisfaction.
Additional Functions
Identify areas for improvement in Technology control environments across LanguageLine Interpretation Services, LanguageLine Translation Services, Fluent, and LanguageLine UK Services.
Lead testing of Technology controls for SOX, SSAE16 SOC2, PCI, ISO27001, and HITRUST on a monthly, quarterly, and annual basis.
Develop, maintain, and publish up-to-date Information Security Policies.
Seek automation opportunities and efficiencies in current controls for internal operations at LanguageLine Interpretation Services, LanguageLine Translation Services, Fluent, LanguageLine UK Services, and key vendors.
Serve as a key liaison between Technology & Risk Management and business units.
Align technology and business goals, securing support for technology control and security initiatives.
Actively contribute to and manage a variety of security projects for both internal and external customers.
Act as a Technology Subject Matter Expert (SME) for external technology audits and assessments.
Serve as an SME for Technology Security and Awareness programs for internal and external customers.
Evaluate information technology general controls (ITGC) related to information security, systems development life cycle (SDLC), change management, data center/physical security, data backup and recovery, computer operations, and associated risk exposures.
Lead vulnerability and penetration testing, including for internal/external networks and Over-The-Phone, Video, and Document Translation applications.
Actively monitor emerging threats using available alerting services and follow the incident response process as needed.
Support tier 1, tier 2, and tier 3 initiatives.
Support our vendor management and audit program.
The full-time annual salaries for this role is listed below, . Please note that this salary information is solely for candidates hired to perform work within this location. Experience and education refers to LanguageLine Solutions’ current salary range for this position. US (Remote) pay range is $90,000 USD - $105,000 USD annually.
The actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate’s offer letter.
Qualifications
2-3 years of experience in information technology, including knowledge and application of information systems compliance and controls.
2-3 years of experience with underlying technologies such as networking, Active Directory, Windows Server, and Linux.
1-2 years of experience in a compliance-focused role, or equivalent.
1-2 years of experience with Technology SOX, SSAE16 SOC2, ISO27001, and HITRUST.
Experience auditing general controls related to logical and physical access, permission sets, password configurations, change management, and incident management.
Strong proficiency in the logical security of Active Directory and remote access technology.
Demonstrated ability to research, learn, and apply new and emerging technologies, with a solid understanding of state-of-the-art and emerging technology compliance, cyber security threats, Artificial Intelligence (AI), technology trends, vendors, and products.
Knowledge of HIPAA, PCI, NIST 800-53, HITRUST, ISO27001, and SSAE16 SOC2 requirements.
Ability to perform technical scans for infrastructure vulnerabilities using commercially available tools and follow patching and incident management processes as needed.
Experience creating patching service requests and tracking remediation efforts.
Must be capable of handling confidential or sensitive matters with professionalism.
Typical Physical Activity
Physical Demands
Constantly involves sitting, using hands to handle or feel, reaching with hands and arms, talking, and hearing.
Occasionally requires standing and walking.
Physical Requirements
Must have sufficient manual dexterity type in all Microsoft platforms.
Able to lift a minimum of 40 lbs.
Involves light physical activity performing non-strenuous daily activities of a primarily administrative nature.
Typical Environmental Conditions
Disclaimer
Must perform the essential duties and responsibilities with or without reasonable accommodation efficiently and accurately without causing significant safety threat to self or others. The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and/or skills. LanguageLine Interpretation services required of all personnel so classified.
If you are an individual with a disability and require reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact the Corporate Recruiting Team at CorporateRecruiting@languageline.com.
Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against based on race. color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information or any other consideration prohibited by law or contract.
Compliance with Disability Laws. It is the policy of LanguageLine that qualified individuals with disabilities not be discriminated against because of their disabilities in regard to job application procedures, hiring, and other terms and conditions of employment. It is also our policy to provide reasonable accommodations to qualified individuals with disabilities in all aspects of the employment process. We are prepared to modify or adjust the job application process or the job or work environment to make reasonable accommodations to the known physical or mental limitations of the applicant or employee to enable the applicant or employee to be considered for the position he or she desires, to perform the essential functions of the position in question, or to enjoy equal benefits and privileges of employment as are enjoyed by other similarly situated employees without disabilities, unless the accommodation will impose an undue hardship.
VEVRAA Federal Contractor requesting appropriate employment service delivery systems, such as state workforce agencies and local employment delivery systems, to provide priority referrals of protected veterans.
PAY TRANSPARENCY NONDISCRIMINATION PROVISION
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-I.35(c)
