IT Security & Compliance Analyst
Sunnyvale, CA, United States
Fortinet
Fortinet delivers cybersecurity everywhere you need it. We secure the entire digital attack surface, from devices, data, and apps, and from data center to home office. Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic IT Security & Compliance Analyst to contribute to the success of our rapidly growing business.
You would serve as IT Security and Compliance Analyst on our dynamic team. The ideal candidate will play a critical role in ensuring our organization adheres to security policies and compliance frameworks. The candidate should have expertise in policy governance, conducting risk assessments, managing third-party risk, conducting internal audits, and implementing compliance frameworks and certifications such as SOC 2, HIPAA, ISO 27001/27017/27018, NIST 800-53, FedRAMP, PCI DSS, etc.
As an IT Security & Compliance Analyst, your responsibilities will include:
- Policy Governance: Develop, review, and maintain IT security policies and procedures in alignment with industry standards and regulatory requirements.
- Risk Assessments: Conduct regular risk assessments to identify vulnerabilities, threats, and impacts to IT assets and operations. Evaluate the effectiveness of existing controls and recommend enhancements.
- Risk Management: Collaborate with various departments to develop and implement risk management strategies, including risk mitigation plans and monitoring processes.
- Third-Party Risk Assessments: Perform due diligence and risk assessments on third-party vendors to ensure compliance with security policies and frameworks. Monitor and manage ongoing third-party risk.
- Compliance Framework Implementation: Assist in the implementation and maintenance of compliance frameworks and certifications (SOC 2, HIPAA, ISO 27001/27017/27018, NIST 800-53, FedRAMP). Prepare for and support audits and assessments.
- Documentation and Reporting: Maintain accurate documentation of compliance activities, risk assessments, and remediation efforts. Prepare reports for management and stakeholders.
- Continuous Improvement: Stay current with industry trends, regulations, and best practices in IT security and compliance. Recommend improvements to existing processes and controls.
- Internal Audits: Plan, execute, and manage internal audits to assess compliance with ISO 27001 standards and other relevant frameworks.
We are looking for:
- Bachelor’s degree in Information Security, Computer Science, or a related field.
- 5+ years of experience in IT security, compliance, or risk management.
- Strong knowledge of security compliance frameworks and standards (SOC 2, HIPAA, ISO 27001/27017/27018, NIST 800-53, etc.).
- Experience with risk assessment methodologies and tools.
- Familiarity with third-party risk management processes.
- Excellent analytical, problem-solving, and communication skills.
- Experience with GRC tools.
- Relevant certifications (CISSP, CISM, CRISC, or equivalent) are a plus.
About Our Team:
Join our team, known for its collaborative ethos, working seamlessly with global customers, internal engineering teams and product development groups. Our team culture emphasizes continuous learning, innovation, and a strong commitment to customer satisfaction. We embrace Fortinet’s core values of openness, teamwork and innovation, fostering an environment where team members support each other, share knowledge, and leverage AI to solve complex technical challenges. Our inclusive and dynamic team thrives on collaboration and is driven by the shared goal of maintaining Fortinet’s high standards of excellence in cybersecurity solutions.
Why Join Us:
We encourage candidates from all backgrounds and identities to apply. We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being.
Embark on a challenging, enjoyable, and rewarding career journey with Fortinet. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.
The US base salary range for this full-time position is $150,000-$175,000. Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.
Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.
All roles are eligible to participate in the Fortinet equity program. Bonus eligibility is reviewed at time of hire and annually at the Company’s discretion.