Senior Analyst – Information Security Risk & Compliance
ChargePoint
Summary
Join ChargePoint, a leader in the EV charging industry, as a Risk and Compliance Analyst. You will play a key role in managing our security risk and compliance program, overseeing security policies, and ensuring compliance with relevant standards and regulations. Responsibilities include managing our third-party risk management program, performing audits, and working with various teams to gather artifacts and perform ongoing audits. You will need experience in GRC activities, third-party cybersecurity assessments, and working with various compliance frameworks. The ideal candidate will possess strong communication skills and a detail-oriented approach. This position offers the opportunity to contribute to a rapidly growing company in a dynamic industry.
Requirements
- 4+ years of experience performing or leading GRC activities or programs to support compliance efforts
- Experience performing third party cybersecurity assessments
- Excellent oral and written communication and interpersonal skills with emphasis on building strong, longer-term relationships worldwide across different geographies and functions
- Detail oriented, self-motivated with the ability to meet project deadlines and deliverables in a fast-paced environment
- Prior experience with security policy, standards, and controls definition across multiple compliance frameworks (PCI, SOC2, ISO, etc.)
- Experience with GRC platforms, reporting tools and presenting compliance reports to senior stakeholders
- Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
- Strong understanding of frameworks such as the NIST Cybersecurity Framework, NIST SP 800-53, CIS/SANS Top 20, COSO, and leading business practices
Responsibilities
- Manage our security risk and compliance program and provide governance and risk management oversight
- Establish and manage our security policy framework and relevant standards
- Oversee applicable security, privacy, contractual and compliance requirements through controls definition, assessment, and process oversight
- Support the different risk and compliance initiatives that are part of our risk and compliance program within the Information Security team
- Manage our third-party risk management program by reviewing vendors/suppliers, responding to customer queries and reviewing contracts
- Introduce innovative, differentiating cybersecurity capabilities that enhance our overall competitive advantage and align risk strategies with business priorities
- Execute the program for audits, compliance checks and external assessment processes for internal/external auditors, ISO 27001, PCI, SOC2, NIST 800-53, GDPR and third-party vendors
- Enhance and automate our third-party risk management program
- Audit third parties / vendors on an on-going basis based on the defined framework
- Work with other teams such as Engineering, HR, etc. to gather artefacts and perform audits on an on-going basis
- Assess and determine design effectiveness of internal controls
- Maintain a common controls framework that aligns with applicable security standards and regulations
Preferred Qualifications
- Practical experience working with business continuity and disaster recovery standards, frameworks, and methodologies, such as ISO 22301, NIST SP 800-34, and BCI Good Practice Guidelines
- Has a strong understanding of risk management principles and practices, such as ISO 31000, COSO ERM, NIST SP 800-30, and leading information security practices
- Knowledge of the incident management and crisis response principles and practices, such as NIMS, ICS, and ISO 22320
- Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
- Experience working with various cloud and infrastructure security tooling such as CSPM, DSPM, ASM, FIM, etc.
- Certification in business continuity and disaster recovery, such as CBCP, CBRM, CRISC, CISA, or ISO 22301, is a plus
- Security and audit certifications like CISA, CISSP, others are a plus but not mandatory
Benefits
Remote work