BlueAlly · 4 days ago
Senior Compliance Analyst
Cyber Security · Information Technology
Work & Life Balance · H1B Sponsor Likely
Responsibilities
Work with our internal and external security auditors for various certification programs, including ISO, SOC2, ITGC and PCI among others, to facilitate successful internal and external security audits that lead to industry certifications.
Ensure all security controls required for several security certification programs, including ISO, SOC2, ITGC and PCI among others, are designed, operational and mapped to the corporate security control matrix. This includes annual review and updating of existing IS Policies, Standards and Procedures, and development of new documents as necessary to support Governance and Compliance requirements.
Work with cross-functional teams to ensure all security controls are fully operational with evidence being captured on an on-going basis.
Coordinate ongoing compliance monitoring and evidence capture with cross-functional teams.
Build awareness and accountability around IT governance, risk, and compliance control functions. Contribute to developing and enhancing a mature security culture.
Contribute to the deployment, operation and enhancement of the GRC team’s central GRC management application.
Lead and report on status of security audits for various security programs, ensuring auditors are managed, and evidence is provided in a timely manner.
Interact and deliver strong communication enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff.
Although uncommon, at times this role might be required to work off hours.
Contribute to Security Risk Management activities including Risk Assessments, reporting and remediation planning.
Analyze and lead enterprise security program overview discussions and coordinate gap remediation efforts with business functions.
Analyze key business processes in order to produce comprehensive risk scenarios that will be implemented by working with business leaders and information security risk architecture. Requires an understanding of NIST 800-30 and 800-37.
Review, update and consolidate the Information Security Management System (ISMS) for enterprise business functions. This includes leading ISMS meetings with the Company’s Information Security Forum.
Ensure all required security controls for ISO and SOC2 are captured in the Information Security Management System.
Provide expertise and support with business continuity (BC) and disaster recovery (DR) program, assist with coordination and compliance for required BCDR processes.
Maintain awareness of GDPR to support the implementation and monitor privacy compliance programs to include Privacy Impact Analysis (PIA).
Understand the flow of information and how the information is utilized and use that knowledge to support the integrity of the Privacy compliance program.
This role does not have direct reports.
Help drive achievement of best-in-class technology and automation.
Develop and maintain strong and mutually supportive relationships with internal partners, to ensure joint objectives are achieved.
Play a key role in helping Company through transformation and program maturity initiatives.
Significant growth potential in this role, given scope of transformation to be delivered in the coming years.
Qualification
Required
Bachelor’s degree preferred or equivalent combination of education, training, and experience.
7+ years of work experience related to the Information Security disciplines, with a minimum of 5 years working in a cloud product vendor environment (ideally AWS).
Understanding of Information Security and Governance Risk and Compliance (GRC) terms, terminology and practices.
Strong communication skills for communicating at various levels in the organization.
Familiarity with common technical security controls and control frameworks such as ISO 27001/2/17/18, SOC2, GDPR, FedRAMP, NIST CSF, NIST 800-53, among others.
Team-oriented and will promote execution and change through influence and partnership.
Experience clearly articulating information security risk into business terms and presenting to company management.
Preferred
Industry recognized certifications are a plus, e.g., CISSP, CISM, GIAC, etc.
Company
BlueAlly
BlueAlly has been serving as a prime source of IT Services for customers both large and small.
H1B Sponsorship
BlueAlly has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship: chart not reproduced here (highlighted entry represents a job field similar to this job).
Trends of Total Sponsorships: 2022 (2), 2021 (2)
Funding
Current Stage: Growth Stage
Total Funding: unknown
2020-09-30: Acquired by Source Capital
Company data provided by crunchbase