Zone & Co is hiring a
Security and Privacy Compliance Analyst

Zone & Co

💵 ~$260k
📍 Remote - United Kingdom

Summary

Join a rapidly growing SaaS company as a Lead Security and Privacy Compliance Analyst, ensuring adherence to legal, regulatory, and professional standards in data protection and business practices.

Requirements

  • Good working knowledge of compliance, security, governance, audit, and risk concepts and practices
  • In-depth understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 1, SOC 2, ISO 27001/2, ISO 27017)
  • 3-5 years' experience in performing information security audits, risk assessments, cyber risk management, or compliance
  • Experience in vulnerability management, including lifecycle, follow-up, and reporting
  • Ability to work independently
  • Proficient in documenting risk and compliance activities, including how to ensure documentation is actionable rather than for the mere sake of compliance
  • Experience in performing information security audits or risk assessments and familiarity with conducting security auditing processes professionally
  • Excellent interpersonal, communication, and presentation skills and a level of professionalism in dealing with third parties
  • Experience in developing security standards and guidelines based on best practices and industry standards
  • Advanced computer skills and excellent written and oral communication skills

Responsibilities

  • Support the Information Security team with ongoing compliance efforts related to SOC 1, SOC 2, ISO 27001, and other certifications, along with general state, federal, and international privacy and security requirements
  • Take point on all internal and external audits and related artifacts
  • Develop and implement a comprehensive security risk management framework, ensuring it aligns with industry best practices and regulatory requirements
  • Ensure the organization complies with relevant industry standards, regulations, and contractual obligations related to security
  • Ensure the organization complies with federal, state, and international regulations and policies as they relate to privacy and security
  • Oversee regular security risk assessments to identify potential vulnerabilities and develop strategies to mitigate risks effectively
  • Oversee the development, implementation, and maintenance of security and privacy policies, procedures, and protocols
  • Maintain a matrix of client compliance requirements and perform regular compliance reviews
  • Stay current with emerging security threats, trends, and technologies to ensure the organization remains proactive in its security posture
  • Provide guidance and support to business units on security, privacy, and compliance matters, acting as a subject matter expert
  • Collaborate with internal stakeholders to ensure security and privacy controls are implemented and maintained across the organization
  • Coordinate audits and assessments to assess the effectiveness of the security risk management program and ensure compliance with applicable regulations
  • Develop and deliver security and compliance awareness training programs to educate employees on security risks, best practices, and compliance requirements
  • Develop and maintain relationships with external partners, regulatory bodies, and industry organizations to stay informed of regulatory changes and collaborate on security initiatives
  • Foster a culture of security awareness and accountability throughout the organization by promoting best practices and maintaining an effective risk management program
  • Provide regular reports and updates to senior management and stakeholders on the state of security risk and compliance
  • Evaluate and recommend security tools, solutions, and services to enhance the organization's security, privacy, and compliance posture
  • Supervise and mentor more junior team members
  • Continuously assess and improve the organization's security, privacy, and compliance programs
  • Assist in the development and implementation of Business Continuity Planning and testing
  • Maintain Zone's trust portal and manage access for existing and prospective customers
  • Monitor the implementation of any prescribed corrective actions resulting from client assessments
  • Conduct interviews and discussions with a variety of client stakeholders, including IT system personnel such as Information System Security Officers (ISSOs) and system administrators
  • Conduct and manage third-party risk assessments

Preferred Qualifications

  • 5+ years of compliance experience
  • Knowledge of securing cloud-based solutions (AWS, Azure)

Benefits

Comprehensive list of benefits at Zoneandco.com
