Senior Security Compliance Analyst


  • JR2024-43
  • Remote
  • United States
  • Data Security

At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care.

One mission. One team. That’s OneStudyTeam.

By joining our team as the Senior Security Compliance Analyst, you will provide support and solutions to a growing team spread around the globe. You will play a key role in supporting the security compliance and governance function to advance a pragmatic and effective Information Security Program. This includes creating and developing scalable and repeatable processes to meet ISO 27001 and SOC 2 in support of regulatory requirements (e.g., HIPAA, GDPR).

What You’ll Be Working On

  • You will lead the Security Team and the larger organization in satisfying the quarterly ISO controls requirements, ISO surveillance audits, the 2022 SOC 2 Examination and, once achieved, SOC 2 maintenance.
  • Manage the company's existing security certification lifecycle and acquire new certifications as necessitated by the company's security and business needs.
  • Engage in cross-functional (cross-departmental) oversight to ensure compliance with certification standards and associated policies and procedures, leading to external audits without significant findings.
  • Partner with an outsourced “internal” audit function to monitor and improve security policies, procedures, and standards, consistent with security certifications and frameworks, i.e., ISO 27001, SOC 2.
  • In conjunction with associate members of the Security Team, prepare for internal and external certification audits of the Information Security Program by organizing requests, gathering evidence, and authoring responses to external auditors. 
  • Work with associate members of the Security Team to ensure they respond to customer security audits and questionnaires in a manner consistent with the Information Security Program and associated certifications, i.e., ISO 27001, SOC 2.
  • Responsible for managing internal audit/reviews for ISMS controls and coordinating remediation.
  • Manage periodic reviews of security policies and procedures.
  • Recommend, drive, and implement improvements to the company’s Information Security Risk Management program.
  • Develop and maintain risk register contents and underlying workflows to track identified risks, risk owners, and action plans for risk remediation.
  • In conjunction with Security Management, design, compile, and report metrics of Information Security Program, including KRIs/KPIs.

What You’ll Bring to OneStudyTeam

  • Experience leading a successful ISO 27001 or SOC 2 certification effort is required. 
  • 5 or more years of experience in a dedicated information security role in a HIPAA or other regulated environment (e.g., GLBA, PCI) is required.
  • Security Certification (e.g., CISA, CISM, CISSP) is highly desirable. 
  • Proficient in both gap analysis and risk assessment methodologies.
  • In-depth understanding of the following topics as they relate to security policy, procedure, and enforcement: access control, data classification, change management, asset management, business continuity, disaster recovery, incident response, vulnerability management, secure development lifecycle, source control, and endpoint protection.  
  • Technical background sufficient to understand high level concepts related to public clouds (AWS or GCP), agile software development life cycles, source control, continuous integration/deployment, virtual private networks, and modern web applications.
  • Clear and concise writing style with excellent verbal communication and listening skills and the ability to interface with all levels of business. 
  • Experience working with a broad array of business units/departments, helping to implement security strategies and solutions with the ability to translate complex concepts to stakeholders at all levels of technical ability. 
  • Ability to think critically and pragmatically while seeing tasks through to completion. 

Learn more about our global benefits offerings on our careers site: https://careers.onestudyteam.com/us-benefits

We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status.

Note: OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OST works with a Professional Employer Organization.

As a condition of employment, you will abide by all organizational security and privacy policies.

For a detailed overview of OneStudyTeam's candidate privacy policy, please visit https://careers.onestudyteam.com/candidate-privacy-policy. This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).


 

US Full Time Benefits Summary

  • 100% company paid healthcare, dental and vision for employees

  • Company HSA contribution $400 individual/$800 family

  • 4% employer match on 401k contributions

  • Stock options

  • Up to 16 weeks 100% paid parental leave 

  • Flexible PTO & working hours

  • Additional insurance options: short & long term disability, voluntary life, pet, legal & identity protection

  • 24/7 virtual doctor's visits with Eden Health

  • $650 annual home office stipend

  • LinkedIn Learning license

  • Access to Benefits Marketplace: A special discount hub for employees

For more comprehensive information about our benefits, check out our benefits page.

 

 

OneStudyTeam Voluntary Demographic Questionnaire

At OneStudyTeam, we value belonging and believe in fostering an environment where a diversity of perspectives can thrive. This core value is a pillar of our business and critical to our success. Your voluntary responses will be used (in aggregate only) to help us identify areas of improvement in our process. Your responses are anonymous and will not be associated with your specific application and will not in any way be used in the hiring decision. If you do not wish to answer any of the questions below, please select "I don't wish to answer."

To learn more about OneStudyTeam's commitment to diversity, equity, and inclusion, please see our diversity statement and information about the BRIDGE Initiative
