Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Jobs - Sr Risk Compliance Analyst Irvine, CA GSEC InfoSec Jobs


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sr. Risk & Compliance Analyst
Company Alteryx, Inc.
Location Irvine, CA
Preferred GIAC Certifications GSEC
Travel 25%
Salary Not provided
URL https://goo.gl/vBDNQh
Contact Name Hollymarie Britt
Contact Email hbritt/at/alteryx.com
Expires 2018-11-01

Job Description

Position: Sr. Risk & Compliance Analyst
Location: Irvine, CA

Revolutionizing business through data science and analytics, Alteryx offers an end-to-end analytics platform which empowers data analysts and scientists alike to break data barriers, deliver insights, and experience the thrill of getting to the answer faster. Organizations all over the world rely on Alteryx daily to deliver actionable insights.

Join our team of passionate and hard-working associates, and help make a difference in people’s lives by creating software that enables business users to solve problems using data that were previously thought to be unsolvable, save them days, weeks and months of mundane data prep and blending, and help them truly love their jobs again.

Overview:

Alteryx is hiring a talented Sr. Risk and Compliance Analyst at our Irvine HQ. Reporting to the Vice President of Information Security and Data Privacy, the Sr. Analyst is responsible for maintaining global compliance. This role lends itself well to a technically experienced Risk and Compliance professional with the ability to understand, implement and effectively communicate Company controls to current associates, prospects and existing customers.

The Sr. Analyst will drive remediation/changes within the organization and maintain a reliable, resourceful, customer service and can-do attitude. You will be a key member of the Information Security team and responsible for the assessment, creation and implementation of security policies, standards, methodologies and processes. Compliance initiatives are focused on, but not limited to ISO 27001, ISO 27018, AICPA SOC1 and SOC2, PCI, CSA, NIST and FISMA/FedRAMP.

Responsibilities include but not limited to:

-Lead the Implementation of the Risk Management framework, policies and procedures
-Assess existing networks and cloud architecture for secure configurations and compliance
-Assess environments and create Risk Migration plans
-Review existing security policies, update policies and implement global policies
-Data Analytics experience working with spread sheets and large amounts of data
-Drive integration of remediation efforts with the existing risk management process
-Implement global Security Awareness Training
-Lead and assist with successful completion of certifications and industry/regulatory compliance activities
-Successfully project manage and drive remediation activities across various teams within the organization
-Ability to interact with external prospects as well as customer compliance teams
-Contribute by enhancing and maturing the existing cloud compliance frameworks
-Perform activities to help measure and monitor compliance with company policies and procedures
-Facilitate customer requests and information gathering for audit activities (customer external security audits)
-Ability to review security contracts exhibits and provide expert advice to the Legal and Sales teams
-Enhance Compliance dashboard for management level reporting
-Approximately 25% of domestic and international travel
-Audit third-party vendors for policy and contract compliance

Qualifications:

-7+ years working in the field of risk and compliance or information security
-2 years' experience with 3rd party Vendor Risk Assessments, encryption technologies and network security (IDS/IPS, firewalls)
-Bachelor’s degree in Information Security and/or Cyber Security or equivalent
-CISSP certification is required. CCSP is a definite plus
-Experience in assessing Cloud Security platforms such as AWS, Microsoft and Google Cloud Solutions
-Direct and recent working experience with the following compliance programs: ISO 27001, ISO 27018, SSAE18 SOC1 Type 2/SOC2 Type 2, CSA and FISMA/FedRAMP
-Strong understanding of network security architecture
-Ability to manage multiple small, medium to large security and compliance projects
-Excellent report writing skills, ability to prepare compliance reports and associated metrics
-Must be able to effectively communicate technical details and thoughts in non-technical/general terminology
-Strong organizational, multi-tasking and time management skills.
-Strong interpersonal skills to effectively interact with customers, team members, and senior management
-Team player, a self-starter which takes initiative
-Has mastered the Security Core concepts: Inventory Management, Vulnerability Management, Configuration Management, Patch Management and Risk Assessments

Desired Skills & Experience:

-Prior experience working in the Security and Compliance group of a SaaS/Cloud company or a Security Risk and Compliance practice of a top accounting firm
-Other Relevant professional certifications such as CRISC, CISA, GIAC, CRISC and PMP
-Ability to assess and implement a GRC tool which meets internal and external needs

Unsolicited third party/agency profiles and resumes will not be considered. Please do not inquire.
Alteryx, Inc. is an Equal Employment Opportunity Employer