Senior IT Security Compliance Analyst
Location: Remote - US only
Job Type: Full time
We are a Security company and Auth0's Security & Compliance team is in the privileged position of supporting a security-first culture for a company that wants to make the internet safer.
We are seeking a Senior Security Compliance Analyst who can help execute a wide range of assessments and audits across the entire organization. This role will work closely with Security and Compliance leadership to strategize and scope assessments, identify key risk areas, and establish baseline control alignment for continued organizational growth and maturity.
- Design, implement, and oversee the execution of the IT controls program including periodic control testing (e.g., design and effectiveness) sufficient to meet compliance requirements and to satisfaction of internal/external auditors.
- Provide ongoing training, guidance, support, and IT control and compliance status reporting to the company to build awareness of and promote a progressive and sustainable compliance culture.
- Build and maintain effective working relationships and liaise with Product unit control owners to collect, report, and retain compliance documentation.
- Identify control gaps and potential remediation steps; lead and/or assist process re-design and coordination of remediation efforts.
- Collaborate with and advise Product unit resources on implementing IT controls that achieve risk and control objectives while striking a balance between costs vs. benefits.
- Document and maintain risk-based compliance policies and procedures; Develop and maintain IT controls-related content for Information Security & Compliance.
- Assist in effective management of internal and external audit efforts and partnerships; Drive for timely submission of critical audit and compliance deliverables.
- Coach, mentor, and oversee company employees and/or external consultants on a periodic basis.
- Perform QA reviews of IT controls-related work products (e.g., user attestation packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners.
- Assist with IT-related aspects of vendor risk management program functions (e.g., risk assessments, due diligence documentation reviews, control testing, contract reviews).
- Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST 800-53, IT SOX controls, SOC-2, HIPAA, PCI-DSS, ISO 27001 / ISO 27018, etc.
- Bachelor’s degree required: BS in Computer Science, Information Security, or related field.
- Minimum 3 + years of experience in the field of Information Security, Cybersecurity, Audit, and/or Compliance is required.
- STRONG project management skills/abilities. Must be able to bring order to chaos.
- Ability to manage multiple engagements while maintaining superior results
- 3+ years of SaaS or Cloud security experience desirable.
- Deep knowledge of at least two or more security frameworks NIST Cybersecurity Framework controls, COSO Risk Framework, NIST 800-53, ISO, and the ability to determine measures that will satisfy controls, design controls, and determine solutions are strongly required.
- At least 1 professional security management certification: e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Security Auditor (CISA)
- Knowledge of industry cloud technologies such as Azure, AWS, or similar
- Ability to quickly adapt to shifting priorities, demands and timelines through both analytical and problem-solving capabilities
- Experience with GRC tools, technology, and implementation
- Project Management: Plan and manage several projects to meet compliance and security requirements. Effectively communicate with other teams at Okta during the entire project cycle.
- Understanding of security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
(Colorado, New York and Washington only*) Minimum OTE of $135,000/year + equity + benefits
Okta is an Equal Opportunity Employer.
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs. Find your place at Okta https://www.okta.com/company/careers/.
By submitting an application, you agree to the retention of your personal data for consideration for a future position at Okta. More details about Okta’s privacy practices can be found at: https://www.okta.com/privacy-policy.