
Senior Analyst – Information Security Governance, Risk & Compliance
Posted May 6

• Support the management of a compliance program encompassing a range of internal and external audits and certifications, ensuring that the company adheres to documented and sustainable compliance practices.
• Assist in the development and execution of compliance processes aimed at automating and continuously monitoring information security controls, exceptions, risks, testing, and evidence artifacts.
• Create reporting metrics and dashboards for compliance visibility.
• Aid control owners in defining their responsibilities and establishing control standards for regulatory and compliance objectives, which include but are not limited to audits and certifications such as SOX, PCI, HIPAA, SOC1/2, FedRAMP, HITRUST, ISO 27001/27017/27018, Cyber Essentials, etc.
• Map and sustain a common controls framework along with control scope and applicability for various compliance initiatives and information security policies.
• Contribute to the establishment of an Information Security GRC Center of Excellence by offering audit and assurance services that support a range of compliance projects.
• Provide subject matter expertise in compliance and advisory services to stakeholders and control owners.
• Document and communicate control failures and gaps to relevant stakeholders.
• Offer remediation guidance and prepare reports for stakeholders to monitor remediation efforts.
• Assess and report any security or compliance risks to be included in the company risk register.
• Consult on the development of security standards, procedures, and controls to effectively manage risks.
• Collect requirements to guide assigned controls within the centralized GRC tool and audit/certification document repository to maintain compliance program information across the organization.
• Collaborate with business unit and product-level compliance teams to enhance and align with a unified company compliance plan and methodology, ensuring efficient, effective, and agile processes.
• Deliver dashboards and reports based on routine assessments and evaluations of the effectiveness and efficiency of controls.
• Execute operational activities related to the compliance program and escalate deviations as necessary.
• Conduct audit services, including risk and gap assessments for business units as required.
• Provide input for responses to company-wide compliance-related requests from customers, partners, and third parties.
• Embrace Agile methodologies and foster automation across all initiatives to enhance work quality and serve as a role model for others.
• Bachelor's Degree in Computer Science or a related discipline.
• Over 5 years of experience in information security management, governance, and compliance principles, practices, laws, rules, and regulations.
• More than 5 years of experience in auditing information systems, monitoring, controlling, and assessment processes.
• Expertise in risk assessment and direction methodologies.
• Familiarity with recognized IT Security-related standards and technologies.
• Ability to work effectively within cross-functional and interdisciplinary teams to achieve both tactical and strategic objectives.
• Proven project management, organizational, and facilitation skills.
• Exceptional communication and presentation abilities.
• Proven capacity to be an effective member of the InfoSec GRC team and to convey security-related concepts to a diverse group of technical and non-technical management and staff.
• High level of personal integrity, with the ability to handle confidential matters professionally and demonstrate sound judgment and maturity.
• ISO LA, PCI QSA, CISSP, CISM, CISA, ITIL, or GIAC certifications are preferred.
• Benefits and perks typical of larger technology companies.
• Freedom to make a significant impact on the organization.