Senior Security Risk and Compliance Analyst

As a results-oriented Senior Security Risk & Compliance Analyst, you will spearhead the execution of compliance security, policy, privacy initiatives, and manage the development and execution of company-wide risk management program.  In this role, you will develop and manage corporate compliance initiatives, work with internal and external customers, mature and promote risk initiatives, manage third party risk, and serve as a key advisor to cross-functional teams and company leadership.

RESPONSIBILITIES

• Provide subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including GDPR, CCPA, SOC2, ISO27001/2.
• Work closely with cross-functional teams to communicate, promote, and integrate control requirements.
• Develop, implement, maintain, and oversee enforcement of security policies.
• Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to achieve certifications.
• Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27001 series, GDPR, etc.
• Manage the company-wide risk management program in alignment with the security review board and senior management teams.
• Perform assessments of vendor risk, develop mitigation plans and partner with internal stakeholders to assign monitoring responsibility.
• Partner with IT and Engineering teams to conduct, remediate and maintain a solid and mature cybersecurity posture.
• Serve as an active participant and subject matter expert in the security incident response process.
• Prepare status reports for management on security matters and develop security risk analysis scenarios and response procedures.
• Perform periodic assessments of information systems, people, and processes to identify security vulnerabilities and develop and execute remediation action plans.

QUALIFICATIONS:

• BS or Masters in a technology-related field.
• 6+ years’ experience working in a combination of compliance, risk and information security positions.
• Must possess an active professional security certification such as CISA, CISM, CRISC, CISSP.
• Working knowledge of common information security management frameworks, such as NIST, ISO27001/2.
• Working knowledge and experience with security tools: forensics, cyber assessments, code analysis.
• Familiar with compliance legislation, including GDPR and similar regulations or statutes, and ability to leverage other internal/external resources.
• Solid understanding of the internal controls environments and how that drives a SOC2 Type II and similar attestations.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
• Excellent English written and verbal communication skills.