Senior Compliance Analyst

Summary

Join Kaseya's GRC team as a Compliance Analyst and contribute to building and maintaining compliance-focused security controls. You will assist in planning, coordinating, and executing compliance audits and initiatives to enhance Kaseya's security posture. Responsibilities include designing and implementing robust compliance controls, collaborating with control owners, and communicating with external auditors. The role requires strong program management skills, experience with cloud technologies, and at least one recognized security compliance certification. This 100% remote position offers the opportunity to work on a wide variety of technical problems and contribute to a world-class compliance team. Kaseya is a leading provider of IT infrastructure and security management solutions, offering a dynamic and growth-oriented work environment.

Requirements

• 5 to 10 years of demonstrated ability in leading Compliance audits
• Strong program management skills: ability to effectively lead teams, track commitments from Project Owners and SMEs, and supervise/lead self and others in responding to roadblocks, queries, work sessions, and meeting project timelines
• Excellent leadership and team management skills, with the ability to inspire and motivate teams
• Knowledge and experience working with Cloud technologies/environments, AWS, Azure, GCP or other related cloud experience is required
• Familiarity with On-prem, Cloud, and Hybrid Cloud environments
• Understanding of Request, Incident, and Change Management practices
• Possess at least one recognized security Compliance certification, which demonstrates advanced expertise in designing, implementing, and managing premier cybersecurity risk programs
• Strong understanding of Compliance principles, practices, and tools, with the ability to develop and implement effective procedures and corrective measures
• Proficient in assessing, prioritizing, and addressing Compliance control issues, including handling escalations and providing consultation across business units
• Prior experience as a Compliance Analyst or similar role

Responsibilities

• Assist in Compliance audits, build out audit/walkthrough plan, communication with Control Owners, External & Internal Auditors
• Design & complete walkthroughs and tests of the operating effectiveness of controls across business units, product lines, and infrastructure, in support of SOC 2 audits and other compliance certifications
• Prepare Control Owner and facilitate the audit readiness process for all audits including but not limited to SOC 2 audits
• Collaborate with control owners to collect populations and samples for all audits
• Communicate with the external auditor to schedule audit preparations, fieldwork, and reporting activities
• Provide guidance and support for evidence collection, transformation, and normalization across a variety of Products, operating systems, applications, appliances, and networking platforms
• Provide insight and recommendations regarding gaps and improvements in the design and operating effectiveness of controls
• Assist in Project Managing the Compliance team initiatives, ensuring on time delivery
• Collaborate with the teams in designing and streamlining audit procedures, project management solutions, and control period work
• Learn, stay on top of upcoming, and apply applicable standards, frameworks, and interpretative guidance (e.g., attestation and auditing standards, SOC 2, NIST 800-53, ISO, COSO, FedRAMP & EUCS)
• Lead and collaborate with various geographically spread, cross-functional teams including IT, Product, Engineering, Architecture teams, Sales, Marketing, Finance and Legal
• Ensure thorough documentation of controls, process, tickets, meetings, evidence collection
• Work closely with other IT and security teams to ensure seamless integration and operation of Compliance team process and or tools
• Perform other security-related duties as assigned
• Limited off-hours support may be required
• Limited travel may be required

Preferred Qualifications

• Working understanding of SOC2, ISO27001, GDPR, modern Data Pipeline Design, Transformation and Normalization of Data and best practices
• Ability to effectively lead teams with multiple projects in an extremely fast paced environment
• One or more certifications such as CISA, CISM, CISSP, CRISC, CIA, or CGEIT are desired
• Can translate complex technical topics into easy-to-understand concepts fostering understanding and collaboration between technical and business stakeholders
• Strong written and verbal communication skills, with a passion for documentation
• Knowledge and experience working with Cloud technologies/environments, AWS, Azure, GCP or other related cloud experience is required
• Self-starter and ability to perform independently and synthesize information from disparate sources
• Ability to quickly demonstrate an understanding of internal security risks, security controls, business processes in a fast-paced environment
• Proficiency with Atlassian products: Jira and Confluence
• Strong work ethic and an insatiable desire to learn
• Thrives in a team-based environment, leaving ego at the door
• Solid organizational skills, including the ability to consistently meet project deadlines, while maintaining quality, attention to detail, and accuracy in work
• As needed, develop and enforce policies, standard, procedures, methodologies, processes, and tools
• Identify trends in need of a larger solution, beyond the scope of the immediate problem
• Design and champion best practices within the organization
• Solve complex and challenging problems with simple, maintainable, and scalable solutions

Benefits

This position is 100% remote