Job Description

Responsible for:

The IT Compliance Analyst works with the Team Lead - IT Compliance, to support the General Manager Information Security & Governance ensuring that Fujifilm DMS information security policies and standards, are implemented, audited for compliance, and maintained across the business.

The IT Compliance Analyst will work with various business and technology teams to provide highly effective people, process and technology controls that are focused on improving the information security and risk posture.

The IT Compliance Analyst will be concerned with maintaining and improving the security and resiliency of the Fujifilm DMS computing environment and protecting customer and employee confidential information and complying with audit and regulatory requirements.

Extent of Authority:

• Provide document IDs, maintain ISMS Document Register, co-ordinate document review and approval activities, publish approved documents on the corporate intranet, and communicate release of ISMS documents to all applicable staff in accordance with Quality Document Control procedures
• Purchase of new or renewed SSL certificates is dependent on prior documented approval from the Team Lead – IT Compliance or delegate.
• Purchase of new or renewed Digital Email Certificates is dependent on a documented request from the Technical Support Manager (or delegate).
• Prepare vulnerability scanning reports for Fujifilm APO operating companies monthly, and for Fujifilm DMS on a quarterly basis.

Main Activities:

• Observe and contribute to the development and continual improvement of Fujifilm DMS Information Security Policies, Standards and Procedures in accordance with legal and regulatory requirements and industry best practices
• Participate in the implementation, development and maintenance of information security management controls for applicable industry and regulatory standards, e.g. ISO/IEC 27001 Information Security Management System (ISMS), Payment Card Industry Data Security Standards (PCI DSS), Australian Government ISM Controls, etc.
• Participate in the investigation, administration, and evidence collection for Security Incidents in accordance with the Fujifilm DMS Security Incident Response Plan where requested.
• Document control and publishing of ISMS documentation, including maintaining the Information Security Document Assurance framework.
• Report and record identified security weaknesses and incidents in the corporate HEAT system and escalate to the Team Lead – IT Security or General Manager Information Security & Governance.
• Participate in the scheduling of Information Security Governance activities in the ISG Calendar, assignment of activities to owners, tracking of assignments and completion of activities.
• Participate in and assist with the preparation for external audit activities, including documentation and evidence collection where requested.
• Record the findings resulting from client and external audit activities, identification of business owners and tracking of remediation tasks, preventive actions and evidence collection where requested.
• Contribute to the continual improvement of information security awareness across Fujifilm DMS through the preparation and delivery of training presentations, security related communications.
• Administration of the respective MPKI consoles for the application and renewal of SSL certificates and digital email certificates, and maintenance of related certificate renewal and key management documentation
• Administration including calendaring and registration of encryption keys on behalf of the ITO Team.
• Contribute to the collection and reporting of information security metrics for quarterly distribution.
• Develop and maintain the ISG Calendar to reflect both one-off and regularly occurring security and compliance activities for tracking and reporting purposes and raise associated HEAT Calls.
• Conduct internal Compliance Assessments as per ISG Calendar and report findings, identify opportunities for improvement, make recommendations to Team Lead – IT Compliance prior to obtaining final approval
• Administration, contribution and tracking of Security Questionnaires, noting that approval is required by the Group General Manager Information Security & Governance prior to release.
• Administration and tracking of Security Exemptions Requests (SERs) in the corporate HEAT system, including review, assess risks, and make recommendations to the Team Lead – IT Security or Group General Manager Information Security & Governance regarding approval.
• Vulnerability management tracking and recording of results of external and internal penetration testing and vulnerability scanning activities in the tracking database for remediation for Fujifilm DMS.
• Co-ordinate and contribute to Access Control and Entitlement Reviews with technology teams and business owners, and ensure outcomes and remediation activities are recorded and tracked to ensure compliance with audit requirements
• Perform security event monitoring for internal and external SIEM and other technologies including the recording of security events, triage, assignment, investigation and resolution
• Monitor security mailboxes (e.g. IT Security DMS) for emails, requests, incidents, queries, etc. and allocate to the relevant ISG team member for response and action.
• Expected to demonstrate a willingness to learn some of the tasks and responsibilities of the Team Lead – IT Compliance and to assist with tasks when requested, noting that the IT Compliance Analyst may be called upon to carry out components of the Team Lead – IT Compliance job when unavailable or on annual leave.
• Be flexible and willing to perform any other tasks as assigned by management
• Ensure you do not discriminate against, harass or bully co-workers, prospective co-workers, Fujifilm Document Management Solutions Pty Limited (Fujifilm DMS) sub-contractors, visitors, clients or customers and ensure you treat people with fairness and respect in the performance of your duties.
• Ensure all Fujifilm DMS policies, including Business Management System and Information Security policies and procedures are adhered to
• Ensure Work Health and Safety policies and procedures are adhered to
• Ensure that you, and employees within your area of responsibility, take care at all times to work in a safe manner and report workplace hazards.

Key Skills:

• Good understanding of IT concepts with experience in either information security, risk management, IT infrastructure Management, IT application development or IT Support/Help Desk.
• Good analysis and problem-solving skills
• Professional and courteous in written and verbal communications
• Good interpersonal and consultative skills
• Ability to escalate problems and liaise with technical teams to formulate actions as the need arises

Personality Traits:

• Self-motivated

• Dependable and enthusiastic

• Positive attitude

• Attention to detail

• Process driven; especially important for developing and improving procedures

• Organisation and time management skills

• Co-operative and willing to work in a team environment

• Flexible with approach and considerate of others’ opinions

Qualifications and Typical Experience:

Detail the minimum level of formal qualification and experience required to do the job.

• Familiarity with service management principles, e.g. incident, problem and change management, asset management, etc.
• Demonstrated growth and accomplishments in past work
• Demonstrated experience in negotiation with internal stakeholders, in particular IT technical teams, to achieve outcomes
• Ability to interact in a professional manner, and to build relationships with a broad range of people, and to work in a team environment
• Understanding of technology and business processes to achieve problem resolution
• Ability to review and recommend improvements to key processes related to IT Compliance

Special Circumstances:

Detail what is special, unusual or hazardous about the job or the environment in which it is to be performed. Add/delete/amend the points provided below in accordance with the role requirements.

• Employment is dependent on a national police criminal history check that is acceptable to FUJIFILM.
• Additional security clearances may be required as requested by FUJIFILM or its clients.
• Required to work reasonable additional hours as may be necessary to meet the requirements of the position.
• Maintain FUJIFILM and client confidentiality.
• Some travel may be required to various FUJIFILM sites, interstate or overseas to meet requirements of the role.
• May be needed to be on-call from time to time to meet requirements of the role.