Security Compliance Analyst jobs in United States

Sumo Logic · 1 month ago

Security Compliance Analyst

Sumo Logic is a fast-growing, highly technical Cloud Based SaaS Company looking for a Security Compliance Analyst. The role involves supporting compliance initiatives, conducting audits, and collaborating with various teams to ensure security and compliance standards are met.

Analytics, Big Data, Cloud Data Services, Enterprise Software, SaaS
No H1B

Responsibilities

Design, develop, and maintain internal controls in response to security and compliance goals: FedRAMP, SOC2, HIPAA, PCI-DSS, ISO27001, etc.
Perform security reviews and identify security gaps in architecture resulting in recommendations for inclusion in the risk mitigation strategy
Support tooling and automation that facilitate security and compliance related activities and lead to reducing the disruption of audit events
Lead planning, coordination and execution of third-party risk assessments and audits
Develop and maintain internal and external-facing security and compliance documentation
Work with product and engineering teams to maintain compliance baseline in Sumo Logic products
Work with internal teams to formulate processes in line with compliance and security controls, hold them accountable for following them, and manage throughout Risk Treatment and Remediation plans
Provide direction to management team on compliance goals and statuses
Drive periodic reviews, updates, and maintenance of compliance items
Interface with external auditors and be a primary point of contact for audits
Participate in maintenance of standard security and compliance collateral for marketing and sales activities

Qualification

Compliance frameworks, Cybersecurity certifications, SaaS environment experience, Incident response experience, Communication skills, Cross-functional project ownership, Detail oriented, Organizational skills

Required

The role needs to be located primarily in the US
Support the analysis, classification, and response to cybersecurity risks within the organization
Support sales team with customer meetings regarding questions on Information Security and Privacy
Must have strong skills in the following areas: Communication, Security and Privacy and the Compliance of security controls
Ability to work and communicate across various teams and at various levels of the business is essential to this role
Knowledge of compliance frameworks such as PCI DSS, ISO 27001, SOC 2, IRAP and NIST 800-53 / FedRAMP

Preferred

B.S. in Computer Science / Computer Security or related discipline
Cybersecurity Licenses and/or Certifications (e.g. Certified in Risk and Information Systems Control™ (CRISC), Certified Information Security Manager® (CISM), Certified Information Systems Security Professional (CISSP), or equivalent)
Experience working with Sales Teams
Experience in public cloud environments
Incident response experience or training
Assist with managing penetration testing, code reviews, internal scanning and remediation of findings
Perform internal audits of key controls and communicate results to the executive team

Benefits

Bonus or commission plans
Benefits offerings
Equity awards

Company

Sumo Logic

Sumo Logic is a provider of cloud-based machine data analytics that enables reliable and secure cloud-native applications.

Funding

Current Stage
Public Company
Total Funding
$340M
Key Investors
Battery Ventures, Sapphire Ventures, DFJ Growth
2023-02-09: Acquired
2020-09-16: IPO
2019-05-08: Series G · $110M

Leadership Team

Stewart Grierson
Chief Financial Officer
Aaron Feigin
Chief Communications & Brand Officer
Company data provided by crunchbase