Security Compliance Analyst I

Job Description

You:

You are an Information Security Analyst who is looking for the opportunity to leverage your technical and business skills to have a global impact in the dynamic Technology Business Management market. You have a passion for Information Security and know how to identify and recommend Information Security improvements with detailed precision. This position will report to the Director of Information Security. You will work closely with IT teams, data center operations personnel and external business partners in applying the appropriate policies, architectures, technologies, and practices to provide protection for Apptio and our clients’ information assets.

Us :

Our team has broad responsibility for security and compliance across Apptio services and business units worldwide. We are highly motivated and dynamic individuals woven into a collaborative team where teamwork and flexibility are critical to our success.

What we want you to do:

• Collect, review, analyze and verify the performance of internal controls, adherence to internal policy and procedures and client security expectations.
• Perform technical audits of IT General Controls, Information Security, SDLC, Application Security, and Operations.
• Determine audit scope, design testing strategies, test, evaluate, and document controls, identify control gaps and opportunities for improvement and report audit issues based on significance, risk, and impact.
• Contribute to the design, implementation, and operations of procedural and technical security controls
• Conduct staff interviews and walkthroughs; perform analysis to identify key business risks and controls.
• Manage follow-up on open audit issues and facilitate agreements with business process owners to ensure timely closure of action plans.
• Research, standardize, compose, and edit documented policies and procedures/processes for compliance and in accordance with accepted industry standards.
• Keep abreast of current and emerging technologies and recommend changes to audit programs, as necessary.

Basic Qualifications:

• Minimum 2+ years’ experience with technical security auditing.
• Experience with one or more of the following Information Security frameworks and standards: ISO/IEC 27000-series, SSAE16, SOC1/2, Cloud Security Alliance Cloud Controls Matrix (CCM), and rules/regulations related to privacy and data confidentiality (e.g., GDPR, CCPA).
• Strong knowledge of desktop, server, application, and network security principles for conducting comprehensive business impact analysis and risk identification.
• The ability to audit, assess and identify compliance gaps in information security controls.
• Ability to independently plan, organize and prioritize tasks.
• Great attitude, independent, and takes ownership of all tasks from start to end.
• Highly organized and comfortable working in a rapidly changing and ambitious environment.

Preferred Qualifications:

• Knowledge of and experience with cloud service providers (i.e. AWS, Azure, GCP)
• Excellent interpersonal skills for building and establishing strong relationships with key stakeholders, including senior staff, the security team, and the wider organization.
• Collaborative work style; effective communication; cross-functional teamwork.
• Strong general business skills and an aptitude for critical thinking and intellectual curiosity.
• Experience and/or knowledge of cloud computing and SaaS application delivery models.
• Experience and/or knowledge of information security tools/systems: EDR, SIEM, DLP, IDS/IPS, etc.
• CISA/CISM/CISSP (or equivalent) certification.