Senior Analyst – Information Security Risk & Compliance

ChargePoint

📍Remote - India

Summary

Join ChargePoint, a leader in the EV charging industry, as a Risk and Compliance Analyst. You will play a key role in managing our security risk and compliance program, overseeing security policies, and ensuring compliance with relevant standards and regulations. Responsibilities include managing our third-party risk management program, performing audits, and working with various teams to gather artifacts and perform ongoing audits. You will need experience in GRC activities, third-party cybersecurity assessments, and working with various compliance frameworks. The ideal candidate will possess strong communication skills and a detail-oriented approach. This position offers the opportunity to contribute to a rapidly growing company in a dynamic industry.

Requirements

  • 4+ years of experience performing or leading GRC activities or programs to support compliance efforts
  • Experience performing third party cybersecurity assessments
  • Excellent oral and written communication and interpersonal skills with emphasis on building strong, longer-term relationships worldwide across different geographies and functions
  • Detail oriented, self-motivated with the ability to meet project deadlines and deliverables in a fast-paced environment
  • Prior experience with security policy, standards, and controls definition across multiple compliance frameworks (PCI, SOC2, ISO, etc.)
  • Experience with GRC platforms, reporting tools and presenting compliance reports to senior stakeholders
  • Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
  • Strong understanding of frameworks such as NIST Cybersecurity Framework, NIST SP 800-53, CIS/SANS Top 20, COSO, and leading business practices

Responsibilities

  • Manage our security risk and compliance program and provide governance and risk management oversight
  • Establish and manage our security policy framework and relevant standards
  • Oversee applicable security, privacy, contractual and compliance requirements through controls definition, assessment, and process oversight
  • Support the various risk and compliance initiatives that are part of our risk and compliance program within the Information Security team
  • Manage our third-party risk management program by reviewing vendors/suppliers, responding to customer queries and reviewing contracts
  • Introduce innovative, differentiating cybersecurity capabilities that enhance our overall competitive advantage and align risk strategies with business priorities
  • Execute audits, compliance checks and external assessment processes for internal/external auditors, ISO 27001, PCI, SOC2, NIST 800-53, GDPR and third-party vendors
  • Enhance and automate our third-party risk management program
  • Audit third parties/vendors on an ongoing basis based on the defined framework
  • Work with other teams such as Engineering, HR, etc. to gather artefacts and perform audits on an ongoing basis
  • Assess and determine design effectiveness of internal controls
  • Maintain a common controls framework that aligns with applicable security standards and regulations

Preferred Qualifications

  • Practical experience working with business continuity and disaster recovery standards, frameworks, and methodologies, such as ISO 22301, NIST SP 800-34, and BCI Good Practice Guidelines
  • Has a strong understanding of risk management principles and practices, such as ISO 31000, COSO ERM, NIST SP 800-30, and leading information security practices
  • Knowledge of the incident management and crisis response principles and practices, such as NIMS, ICS, and ISO 22320
  • Experience performing third party cybersecurity assessments
  • Experience implementing security training and awareness initiatives to educate stakeholders regarding security risks
  • Experience working with various cloud and infrastructure security tooling such as CSPM, DSPM, ASM, FIM, etc.
  • Certification in business continuity and disaster recovery, such as CBCP, CBRM, CRISC, CISA, or ISO 22301, is a plus
  • Security and audit certifications like CISA, CISSP, others are a plus but not mandatory

Benefits

Remote work
