Senior Security Compliance Analyst

As a results-oriented Senior Security Compliance Analyst, you will spearhead the execution of compliance security, policy, and privacy initiatives, ensure that compliance standards are met, and customer needs are satisfied. Int his role, you will develop and manage corporate compliance initiatives, work with internal and external customers and serve as a key advisor to cross-functional teams and company leadership while anticipating and identifying compliance requirements.

Responsibilities 

• Develop key compliance programs covering applicable laws, rules, and regulations, internal security and privacy policies and procedures, internal controls and contractual obligations.
• Provide subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including GDPR, CCPA, SOC2, ISO27001/2.
• Work closely with cross-functional teams to communicate, promote, and integrate control requirements.
• Interpret standards, requirements, and their application to the overall enterprise environment in the most reasonable and cost-effective manner.
• Develop, implement, maintain, and oversee enforcement of security policies.
• Collaborate with technology architects, engineering and security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements.
• Define the requirements and validate the procedures and audit testing methodology.
• Conduct regularly scheduled audits on systems and hosting third-party audits as required in order to achieve certifications.
• Work with the cross-functional teams to prepare ongoing client reporting, information for prospects and marketing materials.
• Provide training to teams as needed.
• Assist team members and internal clients in addressing highly complex security and compliance issues applicable to enterprise environment.

 Qualifications 

• Bachelor’s Degree preferred in a technology-related field  such as Cyber Security, Business Technology, or Computer Science.
• 6+ years’ of relevant work experience  in a combination of compliance, risk and information security positions.
• Working knowledge of information security best practices such as: NIST 800 series, ISO 27001 series, GDPR, etc.
• Must possess an active professional security certification, such as CISA, CISM, CDPSE, or CISSP.
• Minimum 3  years’ regulatory industry knowledge of GDPR, CCPA, SOC2, ISO27001/2, AND NIST.
• Solid understanding of the internal controls environments and how that drives a compliance.
• Innovative thinking and leadership skills with an ability to lead and motivate cross-functional, interdisciplinary teams. Manage cross functional compliance initiatives.
• Excellent English written and verbal communication skills.
• Excellent time management, prioritization and multitasking skills.