Senior Analyst – Information Security Risk & Compliance

ChargePoint

📍Remote - India

Summary

Join ChargePoint, a leader in the EV charging industry, as a Risk and Compliance Analyst. You will play a key role in managing our security risk and compliance program, overseeing security policies, and ensuring compliance with relevant standards and regulations. Responsibilities include managing our third-party risk management program, performing audits, and working with various teams to gather artifacts and perform ongoing audits. You will need experience in GRC activities, third-party cybersecurity assessments, and working with various compliance frameworks. The ideal candidate will possess strong communication skills and a detail-oriented approach. This position offers the opportunity to contribute to a rapidly growing company in a dynamic industry.

Requirements

  • 4+ years of experience performing or leading GRC activities or programs to support compliance efforts
  • Experience performing third party cybersecurity assessments
  • Excellent oral and written communication and interpersonal skills with emphasis on building strong, longer-term relationships worldwide across different geographies and functions
  • Detail oriented, self-motivated with the ability to meet project deadlines and deliverables in a fast-paced environment
  • Prior experience with security policy, standards, and controls definition across multiple compliance frameworks (PCI, SOC2, ISO, etc.)
  • Experience with GRC platforms, reporting tools and presenting compliance reports to senior stakeholders
  • Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
  • Strong understanding of frameworks such as NIST Cybersecurity Framework, NIST SP 800-53, CIS/SANS Top 20, COSO, and leading business practices

Responsibilities

  • Manage our security risk and compliance program and provide governance and risk management oversight
  • Establish and manage our security policy framework and relevant standards
  • Oversee applicable security, privacy, contractual and compliance requirements through controls definition, assessment, and process oversight
  • Support the various risk and compliance initiatives that are part of our risk and compliance program within the Information Security team
  • Manage our third-party risk management program by reviewing vendors/suppliers, responding to customer queries and reviewing contracts
  • Introduce innovative, differentiating cybersecurity capabilities that enhance our overall competitive advantage and align risk strategies with business priorities
  • Execute audits, compliance checks and external assessment processes with internal/external auditors, covering ISO 27001, PCI, SOC2, NIST 800-53, GDPR and third-party vendors
  • Enhance and automate our third-party risk management program
  • Audit third parties / vendors on an on-going basis based on the defined framework
  • Work with other teams such as Engineering, HR, etc. to gather artefacts and perform audits on an on-going basis
  • Assess and determine design effectiveness of internal controls
  • Maintain a common controls framework that aligns with applicable security standards and regulations

Preferred Qualifications

  • Practical experience working with business continuity and disaster recovery standards, frameworks, and methodologies, such as ISO 22301, NIST SP 800-34, and BCI Good Practice Guidelines
  • Strong understanding of risk management principles and practices, such as ISO 31000, COSO ERM, NIST SP 800-30, and leading information security practices
  • Knowledge of the incident management and crisis response principles and practices, such as NIMS, ICS, and ISO 22320
  • Experience performing third party cybersecurity assessments
  • Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
  • Experience working with various cloud and infrastructure security tooling such as CSPM, DSPM, ASM, FIM, etc.
  • Certification in business continuity and disaster recovery, such as CBCP, CBRM, CRISC, CISA, or ISO 22301, is a plus
  • Security and audit certifications like CISA, CISSP, others are a plus but not mandatory

Benefits

Remote work

This job is filled or no longer available