Senior Analyst, Information Security & Privacy

View full description

Requirements:

• 3+ years of privacy experience (privacy by design, privacy regulations).
• 3+ years of information security experience.
• Extensive knowledge of GRC best practices for SaaS organizations.
• Successful delivery of compliance for a SaaS product to one or more security standards (SOC 2, ISO 27001, NIST 800).
• Strong knowledge of security standards and US and EU privacy laws (HIPAA, CCPA, GDPR).
• Experience delivering on multi-stakeholder projects.
• Familiarity with SaaS architectures, software development, and deployment to cloud providers.
• Experience working for a SaaS company.

Responsibilities:

• Perform internal reviews of privacy and security controls and policies.
• Collect, review, schedule, and remediate internal security controls for compliance.
• Develop techniques, procedures, and utilities for improving risk assessments.
• Coordinate development, implementation, and administration of security policies, practices, standards, and programs.
• Coordinate and develop effective security awareness programs.
• Create, test, and implement business continuity, disaster recovery, and incident response plans.
• Conduct fraud, abuse, and threat investigations as necessary.
• Provide support for data inventories and mapping.
• Manage regular review of company data privacy policies and procedures and recommend improvements.
• Assist in conducting data privacy risk and impact assessments.
• Support the management of data subject requests and incident/breach management.
• Assist in developing annual data privacy training materials and manage employee compliance.