Sr. Compliance Analyst

We are looking for a Sr. Compliance Analyst. This is a REMOTE and FTE position. Apply if interested.

Required Experience:

3

+ Years
Job Locations:

Remote

Location Restrictions:

Remote

Basic Qualifications and

The Sr. Information Security Analyst is part of the Security team with a primary responsibility in maintaining security documentation and supporting internal and external security assessments of cloud systems and products to ensure cohesive awareness of risk and risk reduction capabilities. Owns delivery of assigned security compliance projects in support of ongoing compliance programs. Assist team with other security and/or privacy compliance projects as assigned. Services should be performed in accordance with professional and department standards. Responsibilities include assessing the current adequacy of security strategy and controls for assigned systems, calculating the impact of potential adverse events, and facilitating risk mitigation planning and review sessions. This role assists with internal and third-party risk assessments.

Responsibilities
  • Project manages security and privacy-related risk management framework projects using project and service management best practices for key compliance programs
  • Prepares for, participate and support security certification and compliance audits efforts including CCPA, GDPR, FedRAMP, ISO 27001, and others as assigned
  • Supports internal and external audits by gathering or coordinating the collection of necessary evidence
  • Contributes to process improvements and workflow development for the identification, measurement, management, tracking, and reporting of information risks and findings
  • Manages and maintains SLAs on audit and continuous monitoring findings.
  • Creates data flow mapping spreadsheets, conducts privacy impact assessments, reviews/updates privacy policies, and reviews vendor data processing agreements to support the various privacy compliance projects
  • Collaborates with corporate counsels and HR departments to monitor enforcement of standards and regulations
  • Reviews the work of colleagues when necessary to identify compliance issues and provide advice or training
  • Oversees continuous monitoring programs ensuring all monthly, quarterly and annual continuous monitoring task are completed on time
  • Reviews and process monthly vulnerability scan results and works with the technical teams to ensure vulnerabilities are resolved on time
  • Maintains and publishes security policies and plan documentation including but not limited to the System Security Plan, Incident Response Plan, and Contingency Plan
  • Participates in the publication of periodic program status covering overall security/privacy priority initiatives, associated milestones, deliverables, and success criteria
  • Prepares reports on key metrics for senior management and external regulatory bodies as appropriate

Required Skills and Experience

  • You have 3+ years in working with information security governance, compliance, or auditing with at last 2-years’ experience directly using a NIST-basedSP-800-37 security management framework
  • You have 2+ years managing multiple projects
  • You are familiar with and have direct experience with information security principles, standards, tools and methodologies
  • You have strong problem solving and analytical abilities with the ability to prioritizing large amounts data
  • You can effectively handle ambiguous, dynamic tasks and can switch gears in response to events and circumstances
  • You can write clear, concise, comprehensive presentations. You understand how to communicate clearly to small groups
  • You have cross-group collaboration, project management, interpersonal awareness and virtual team leadership capabilities
  • You are results oriented with the ability to self-manage and work independently 
  • You are adept with Microsoft Word, Excel, and PowerPoint

Interested in this position?
Fill out the form below!