Senior Security Compliance Analyst
Location: Remote - US only
Job Type: Full time
and maturity.
Responsibilities:
● Plan annual ISO and SOC 2 audits from start to finish, perform gap assessments and advise on gap closure, collect and review evidence, present evidence to auditors to make the case for compliance, and manage the overall interactions with external auditors
● Assist in kicking off quarterly user access reviews
● Scope, conduct, and document a diverse range of internal assessments
● Support the Security & Compliance team in ensuring compliance with industry standards and privacy regulations
● Serve as an advisor to engineering, IT, and business process teams to assist them in supporting compliance efforts
● Draft policies and best practices that will be consumed by the entire organization
● Continually translate compliance requirements into relevant cloud-based security controls
● Maintain knowledge of certifications and controls such as NIST 800-53, IT SOX controls, SOC-2, HIPAA, PCI-DSS, ISO 27001 / ISO 27018, etc.
● Evaluate vendors against compliance and security standards
● Interview internal resources and review process documentation to assess compliance with established controls and identify gaps
● Track compliance gaps and ensure work to remediate gaps meets deadlines
● Organize and present audit documents for internal and external stakeholders
Requirements:
● Bachelor’s degree in business, information systems, computer science, or relevant educational or professional experience
● Minimum 3 years of work experience in compliance or related field
● Minimum 2 years of IT external or internal audit experience
● Knowledge of financial controls and implementation
● Solid knowledge of security controls across all security domains such as access management, vulnerability management, business continuity, etc.
● Strong analytical skills enabling the ability to evaluate security requirements and translate them to appropriate security controls.
● Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing (English)
● Knowledge of industry cloud technologies
● Knowledge of certifications and standards such as SOC-2, HIPAA, PCI-DSS, CSA STAR, ISO 27001, etc.
● Experience with information security principles/practices
● Experience with privacy principles/practices
● Some experience with software development practices
● Passionate about security, privacy, and compliance
● Self-motivated, quick learner, fast researcher
● Have experience with and are comfortable with a remote working environment
Bonus Skills:
● Public Accounting/Big 4 Consulting Experience
● Technical information security experience
● Experience with automating security monitoring functions using scripting.
● Industry relevant certifications such as CISSP, CISA, etc.
(Colorado, New York and Washington only*) Minimum OTE of $117,000/year + equity + benefits
Okta is an Equal Opportunity Employer.
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs. Find your place at Okta https://www.okta.com/company/careers/.
By submitting an application, you agree to the retention of your personal data for consideration for a future position at Okta. More details about Okta’s privacy practices can be found at: https://www.okta.com/privacy-policy.