Security Risk and Compliance Analyst I

Securonix Unified Defense SIEM

five-time leader

cybersecurity unicorn

worldwide

At Securonix, we are driven by our core values and place our people at the heart of everything we do:

• Winning as One Team:

  We work together with universal respect to achieve aligned outcomes

• Customer Driven Innovation:

  We innovate to stay ahead of the market and create value for our customers

• Agility in Action:

  We embrace change and are unified in our purpose and objectives amidst change

Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team.

Summary:

The Security Risk and Compliance Analyst I will be responsible for executing control assessments and ensuring that compliance with regulatory and industry mandates that include SOC1, SOC2, PCI, GDPR, ISO 27001, HIPAA, HITRUST, FEDRAMP and others are maintained. Reporting to the Manager of Information Security Compliance, this role will be responsible for executing control self-assessments, creating and maintaining policy documentation, assisting in maintaining the risk register and overall maintenance of the organization’s compliance posture.

Essential Functions of the Job:

• Conduct controls assessments to identify and assess Information Security risks within the Securonix IT environment. Securonix IT General Controls to ensure our continued compliance with our regulatory and industry mandates.
• Ensure that control self-assessments are conducted in a timely manner ensuring completeness and accuracy
• Maintain documentation of control assessments and risks in the GRC tool.
• Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to support the various security, compliance and audit requirements.
• Co-ordinate execution of Pen Tests, Vulnerability scans and reporting. Work on remediation actions for identified findings and track them to closure.
• Work with other teams in the IT org to establish standards and process for maintaining and improving the organization’s security posture
• Assist in continuous improvement and maturing the Information Security GRC program

Additional Job Functions:

• Maintain the risk register with up-to-date risk details, and track risk response plans(remediation/exceptions) to closure
• Perform audits and assessments of third parties such as vendors, service
• providers, consulting organizations etc. as required.
• Work closely with Technology and Security teams to develop appropriate remediation action plans for identified risks.

Knowledge and Skill Requirements:

• Demonstrated experience in performing risk/control assessments against compliance frameworks such as COSO, COBIT, NIST, ISO 27001, etc.
• Understanding of IT General Controls in relation to SOC1, SOC2, HIPAA,HITRUST, GDPR, FEDRAMP and other compliance initiatives.
• Familiarity with IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption and key management, logging and monitoring and application security is desirable.
• Familiarity with cloud and SaaS-based environments and technologies with associated auditing methodologies is desirable
• Bachelor’s / Master’s degree in a computer or information management field or similar work experience.
• Relevant certifications like CISSP, CISA, CRISC, ISO 27001 – Lead Auditor/Lead Implementer
• desirable, but not mandatory
• Strong attention to detail, influencing and problem resolution skills.
• 2+years’ experience in Information Security - IT audit and/or IT Risk & Compliance roles

Benefits:

As a full-time employee with Securonix, you will be eligible for the following employee benefits:

• Health Insurance with a total sum insured is INR 7,50,000
• Coverage: Self, Spouse, 2 kids, Dependent parents, or parents-in-law
• Personal Accident with total sum insured is INR 10,00,000
• Term Life Insurance with a sum assured for employees is 5 times fixed base pay is covered.

Securonix, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. Securonix complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.

Securonix expressly prohibits any form of unlawful employee harassment based on race, color, religion, gender, sexual orientation, national origin, age, genetic information, disability or veteran status. Improper interference with the ability of Securonix employees to perform their expected job duties is absolutely not tolerated.