Full-Time Senior Security & Compliance Analyst
Job Description
What You’ll Do:
- Assists team with enterprise audits and implementation of various controls to meet our compliance program requirements. Compliance programs include: FedRAMP, ISO 27001, SOX, PCI, HIPAA, CCPA, SOC 2 Type 2, EU GDPR, ITAR, etc.
- Performs control reviews, and gap assessments for new products and mergers & acquisitions for inclusion into the GRC Program and audit scope.
- Conducts periodic control reviews and works with control and process owners to determine control effectiveness, document control implementation, and identify evidence requirements. All control reviews will be combined into a management report containing issues, proposed recommendations and remediation timelines. Risks and control weaknesses will be documented and tracked to resolution.
- Work cross-functionally with internal Security, Operations, Product and Legal on planning and implementing company specific security controls, processes, and programs to meet compliance requirements.
- Subject matter expert (SME) for assigned control families and assists GRC team and auditors during audits & assessments. Assigned GRC SMEs become the lead for their control families and evaluate controls across all programs and products, ensuring compliance across all frameworks.
- SMEs will also communicate requirements changes to control owners and facilitate control evaluations and changes.
- Manage evidence and artifact requirements, collection, and communication with stakeholders.
- Support control mapping to common controls and audit artifact requirements.
- Stays abreast of regulatory environments and ensures corporate compliance initiatives are evolving to meet the needs of the customer base.
- Drives continuous improvement around security, compliance and risk governance.
- Responsible for reporting key operational metrics and management reports.
- Coordinate and participate in various special projects.
About You:
- Minimum 5 years’ experience in a regulatory environment, IT security/compliance field or similar environment.
- Experience with the ISO 27001, PCI, NIST and/or SOX.
- Prior experience with compliance auditing, internal audits, and/or documentation in support of audits.
- Experience working with GRC programs preferred.
- Previous cloud compliance and audit experience preferred.
- Bachelor’s degree in related field or equivalent experience preferred.
- Excellent communication skills (research, writing and verbal).
- Technical writing experience must include policies, procedures and guidelines.
- Project management experience is preferred.
- Experience analyzing business processes and putting together process flow, and recommending process changes and efficiencies.
- Ability to interact with management and staff in a fast paced team environment.
- Self-starter and motivator; ability to work with minimum supervision.
- This job description is not an exhaustive list of all duties, responsibilities or qualifications associated with this job.
How to Apply
To apply, visit https://jobs.lever.co/coupa/f30002fa-69cd-4c85-b616-7e6945ad0184.743 total views, 0 today