Security & Compliance Analyst


No positions available.

Role summary

As a Security and Compliance Analyst, you will be a part of the team that designs, builds, and deploys solutions that protect Appspace and its customers against advanced adversaries. You will work across many teams including sales, compliance, HR/legal, engineering, and operations.


  • Participate in planning, scheduling, and preliminary analysis for all internal and external audit projects

  • Coordinate audit activities including notification and scheduling for all affected parties of audit timing, scope, objectives, approach, and deliverables

  • Work closely with external auditors and internal audit teams on managing and supporting the audits

  • Identify, document, and map technology processes and internal controls of applicable technology infrastructure and operational areas per the scope of the audit project

  • Perform risk assessments of technology infrastructure and operational processes and controls for assigned areas

  • Complete audit testing, inquiry, observation and other analysis required to meet objectives of audit projects

  • Assist in the development of the company's security program, policies, and standards

  • Keep existing policies and procedures aligned with audit and security requirements

  • Request and review vendors auditing documentation to ensure alignment with Cloud Ops internal controls and provide assessments and recommendations

  • Respond to internal and external compliance inquiries

Experience, skills, and education

  • Bachelor’s degree in Information Systems or related field; at least 2 years professional working experience as described below

  • Experience in internal or external audit in the IT risk and compliance space

  • Understanding or interest in Cloud industry technologies and IaaS, PaaS, SaaS platforms preferred. Ability to quickly acquire and apply knowledge of changing technologies implemented is essential

  • Good understanding of audit process/methodology, and risk management/advisory ability

  • Ability to adapt to a changing environment, meet deadlines and handle multiple projects

  • Experience in using a risk-based audit approach in evaluations of and recommendations for management processes

  • Ability to present audit findings and recommendations in a manner that will be understood and accepted by all responsible parties

  • Experience or interest in evaluating compliance with regulatory and key IT Standards such as SOC2, ISO 27001, PCI DSS, GDPR, HIPAA/HITECH, NIST, CSA/CCM and similar

  • Possess the tenacity to pursue difficult and sensitive issues to an acceptable conclusion

  • Excellent communication, interpersonal, time management and issue resolution skills

  • Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team