Senior Analyst – Information Security Risk & Compliance
Bangalore, India
ChargePoint
ChargePoint is the world’s largest network of electric vehicle (EV) charging stations in North America and Europe. Join the EV revolution for a greener tomorrow.
About Us
With electric vehicles expected to be nearly 30% of new vehicle sales by 2025 and more than 50% by 2040, electric mobility is becoming a reality. ChargePoint (NYSE: CHPT) is at the center of this revolution, powering one of the world’s leading EV charging networks and a comprehensive set of hardware, software and mobile solutions for every charging need across North America and Europe. We bring together drivers, businesses, automakers, policymakers, utilities and other stakeholders to make e-mobility a global reality.
Since our founding in 2007, ChargePoint has focused solely on making the transition to electric easy for businesses, fleets and drivers. ChargePoint offers a once-in-a-lifetime opportunity to create an all-electric future and a trillion-dollar market.
At ChargePoint, we foster a positive and productive work environment by committing to live our values of Be Courageous, Charge Together, Love our Customers, Operate with Openness, and Relentlessly Pursue Awesome. These values guide how we show up every day, align, and work together to build a brighter future for all of us.
Join the team that is building the EV charging industry and make your mark on how people and goods will get everywhere they need to go, in any context, for generations to come.
Discover what it’s like to help build the fueling network of the future - check out our Engineering Blog.
Reports To
Manager, Security Risk and Compliance
What You Will Be Doing
ChargePoint is looking for a Risk and Compliance Analyst who will help manage our security risk and compliance program and provide governance and risk management oversight; establish and manage our security policy framework and relevant standards; and oversee applicable security, privacy, contractual and compliance requirements through controls definition, assessment, and process oversight.
The Analyst will support different risk and compliance initiatives that are part of our risk and compliance program within the Information Security team. The Analyst will be responsible for managing our third-party risk management program by reviewing vendors/suppliers, responding to customer queries and reviewing contracts.
What You Will Bring to ChargePoint
- Introduce innovative, differentiating cybersecurity capabilities that enhance our overall competitive advantage and align risk strategies with business priorities
- Program execution dealing with audits, compliance checks and external assessment processes for internal/external auditors, ISO 27001, PCI, SOC2, NIST 800-53, GDPR and third-party vendors
- Program and Project management experience – working with tools such as Jira, Confluence, SharePoint, GRC platforms, etc.
- Enhance and automate our third-party risk management program. Audit third parties / vendors on an ongoing basis based on the defined framework
- Work with other teams like Engineering, H.R. etc. to gather artefacts and perform audits on an ongoing basis
- Assess and determine design effectiveness of internal controls. Experience with different cloud environments and technologies like AWS, Linux, others
- Demonstrate the ability to exercise judgment and display a high standard of ethics and professionalism
- Demonstrate exceptional communications skills, both written and verbal, with the ability to understand complexities of the business and technologies
Requirements
- 4+ years of experience performing or leading GRC activities or programs to support compliance efforts
- Experience performing third party cybersecurity assessments
- Excellent oral and written communication and interpersonal skills with emphasis on building strong, longer-term relationships worldwide across different geographies and functions
- Detail oriented, self-motivated with the ability to meet project deadlines and deliverables in a fast-paced environment
- Prior experience with security policy, standards, and controls definition across multiple compliance frameworks (PCI, SOC2, ISO, etc.)
- Experience with GRC platforms, reporting tools and presenting compliance reports to senior stakeholders
- Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
- Maintain a common controls framework that aligns with applicable security standards and regulations
- Strong understanding of frameworks such as NIST Cybersecurity, NIST SP 800-53, CIS/SANS Top 20, COSO, and leading business practices
- Security and audit certifications like CISA, CISSP, others are a plus but not mandatory.
Good to have
- Practical experience working with business continuity and disaster recovery standards, frameworks, and methodologies, such as ISO 22301, NIST SP 800-34, and BCI Good Practice Guidelines
- Has a strong understanding of risk management principles and practices, such as ISO 31000, COSO ERM, NIST SP 800-30, and leading information security practices.
- Knowledge of the incident management and crisis response principles and practices, such as NIMS, ICS, and ISO 22320.
- Experience performing third party cybersecurity assessments
- Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
- Experience working with various cloud and infrastructure security tooling such as CSPM, DSPM, ASM, FIM, etc.
- Certification in business continuity and disaster recovery, such as CBCP, CBRM, CRISC, CISA, or ISO 22301, is a plus.
Location
Bangalore - India or Remote
We are committed to an inclusive and diverse team. ChargePoint is an equal opportunity employer. We do not discriminate based on race, color, ethnicity, ancestry, national origin, religion, sex, gender, gender identity, gender expression, sexual orientation, age, disability, veteran status, genetic information, marital status or any legally protected status.
If there is a match between your experiences/skills and the Company needs, we will contact you directly.
ChargePoint is an equal opportunity employer.
Applicants only - Recruiting agencies do not contact.
Tags: ASM Audits AWS CISA CISSP Cloud Compliance Confluence CRISC CSPM DSPM GDPR Governance ICS ISO 22301 Jira Linux NIST NIST 800-53 Privacy Risk management SANS SharePoint SOC 2
Perks/benefits: Team events