Security & Compliance Analyst

Join the Security team at Appspace as a Security and Compliance Analyst and gain valuable insight and experience with protecting high scale cloud services. In this newly created role, you will be an integral part of a team that designs, builds and deploys solutions to protect Appspace and its customers against advanced adversaries.

Responsibilities

• Participate in planning, scheduling, and preliminary analysis for internal and external audit projects.
• Coordinate audit activities including notification and scheduling for all affected parties of audit timing, scope, objectives, approach, and deliverables.
• Work closely with external auditors and internal audit teams on managing and supporting the audits.
• Identify, document, and map technology processes and internal controls of applicable technology infrastructure and operational areas per the scope of the audit project.
• Perform risk assessments of technology infrastructure and operational processes and controls for assigned areas.
• Complete audit testing, inquiry, observation and other analysis required to meet objectives of audit projects.
• Assist in the development of the company’s security program, policies, and standards.
• Keep existing policies and procedures aligned with audit and security requirements.
• Request and review vendors’ auditing documentation to ensure alignment with Cloud Ops internal controls and provide assessments and recommendations.
• Respond to internal and external compliance inquiries.

Experience, Skills, and Education

• Bachelor’s degree in Information Systems preferred (otherwise Engineering and/or Business) and at least 2 years of professional working experience post-undergrad.
• Experience in internal or external audit in the IT risk and compliance space.
• Understanding or interest in Cloud industry technologies and IaaS, PaaS, SaaS platforms.
• Ability to quickly acquire and apply knowledge of changing technologies.
• Good understanding of audit process/methodology, and risk management/advisory.
• Ability to adapt to a changing environment, meet deadlines and handle multiple projects.
• Experience and/or familiarity with using a risk-based audit approach in evaluations of and recommendations for management processes.
• Ability to present audit findings and recommendations in a manner that will be understood and accepted by all responsible parties.
• Experience or interest in evaluating compliance with regulatory and key IT Standards such as SOC2, ISO 27001, PCI DSS, GDPR, HIPAA/HITECH, NIST, CSA/CCM and similar.
• Possess the tenacity to pursue difficult and sensitive issues to an acceptable conclusion.
• Excellent communication, interpersonal, time management and issue resolution skills.
• Excellent analytical and organizational skills, ingenuity, and be a team player.