Senior Security Analyst - GRC

Description

SPS Commerce is a leading provider of cloud-based supply chain management solutions, serving a global network of retail trading partners. We foster a collaborative and inclusive work environment where innovation and continuous improvement are highly valued. Join SPS Commerce and be part of a dynamic team that’s transforming the global retail supply chain!    

Position Summary: 

 The Sr. Security Analyst serves as a member of the Security Governance, Risk, and Compliance team to maintain the confidentiality, integrity and availability of sensitive company information. Responsibilities include a diverse set of IT security subject areas such as: HIPAA and Sarbanes-Oxley (SOX) compliance, SOC2, ISO 27001k, risk management, incident response, business resiliency preparedness, PII data protection, and identity and access management. This role is expected to design and develop programs to improve security standards, processes, procedures and solutions and to transfer knowledge to other Security Team Member roles. 

Key Responsibilities:   

•  Collaborate with others to understand processes, procedures, applications, and technologies 

• Drive application and technology compliance with corporate and regulatory policies/standards, and industry best practices 

• Design and develop programs to improve security standards, processes, procedures and solutions; transfer knowledge to other security team members 

• Participate in project work; perform security specific project tasks; lead large work streams 

• Facilitate external and customer security audits and assessments 

• Drives issues management and risk treatment processes 

• Lead and coordinate the activities of others within nature and scope of IT Security 

• Position Reports to the Sr. Manager of Security; has no Direct Reports 

Location:   

Minneapolis, MN 

Required Qualifications:   

• Bachelor’s Degree plus at least 5 years of relevant experience; Master’s degree plus at least 2 years of relevant experience; or equivalent combination of education and experience 

• Experience with planning, researching and developing security policies, standards and procedures, DR best practices 

• Experience with some common security frameworks such as ISO 27001, SOC 1 & 2, NIST CSF, CIS, HITRUST, NIST 800-53/171, CMMC, PCI, etc. 

• Experience working with vendors, auditors, assessors, 3rd party partners, affiliate and subsidiary organizations 

• Prior participation or responsibility for audits and assessments 

Preferred Qualifications:   

•  One or more industry certification - CISSP, CISM, CISA, GIAC, CCSP, 

• Executing cyber program maturity assessments or maturity enhancement initiatives 

• Experience with privacy principles, standards, and best practices to support secure and compliant solutions 

• Retail experience; working with technology and software 

• Strong business acumen - network, system or application design, implementation or support 

• System administration with experience across multiple platforms and applications 

• Experience with GRC tools, including AuditBoard (our primary platform), RSA Archer, MetricStream, or similar compliance and risk management systems. 

What We Offer:    

At SPS Commerce, we are committed to ensuring that each employee's compensation reflects their unique experiences, performance, and skills in their role. The salary range for this role considers several factors, including education, relevant skills, work history, certifications, location, and more.   

The annual salary range for this role is: $100,200- $150,400. The actual salary offered will be determined based on the factors listed above and may fall anywhere within the range.    

SPS Commerce offers a comprehensive package of benefits including health, dental, vision, disability and life insurance, paid time-off, 401(k), health and flexible spending accounts, stock purchase plan and more.