Sr. InfoSec Analyst - Risk & Compliance

Tenable Network Security

Columbia, MD

Industry: Technology


5 - 7 years

Posted 50 days ago

Your Role:

Tenable seeks to hire a hands-on Senior Risk and Compliance Analyst to join its InfoSec-Risk and Compliance team. This role will help drive the compliance and assurance efforts for our products and cloud services. Additionally, they will assist with responding to external vendor risk assessments, security assessments, and audit requests.

We are searching for a candidate who knows both sides of the audit and assessment process: how to test controls and how to design them. The candidate will review the design of existing controls and offer ideas on improving and consolidating those controls, educating and informing others within the organization, and identifying opportunities for improvements in existing processes. This position will report to the Manager of InfoSec - Risk and Compliance.

Your Opportunity:

  • Assists in the development and execution of the internal compliance program including preparation for audits, certifications, and risk assessments
  • Assists in developing, administering, and ongoing compliance monitoring of internal security controls
  • Serves as a company representative with prospects, customers, and partners by assisting with completing security questionnaires, assessments, and audits
  • Work with Sales, Engineering, Information Security, IT, and Product Development teams to convey compliance obligations and requirements
  • Optimize risk management, control, and compliance activities
  • Educate stakeholders on their responsibilities
  • Acts as a consultant and SME for internal departments
  • Coordinate and participate in internal and external audit walkthroughs
  • Help guide and perform remediation of issues identified during third-party assurance or internal reviews
  • Support special projects as required

What you'll need:

  • Knowledge of governance, risk and compliance frameworks such as NIST CSF
  • Experience interpreting industry and regulatory requirements and authoring supporting controls
  • Experience performing or undergoing internal and external audits
  • Experience achieving or maintaining certifications such as FedRAMP, SOC2, ISO 27001, SOX, etc.
  • 3+ years of experience performing information security and risk assessments based upon industry accepted standards
  • 4+ years of experience in compliance, information security, assurance, internal controls or risk management
  • 4+ years of experience with implementation, monitoring, and reporting of control processes, documentation, and remediation items
  • Ability to operate independently and understand all the requirements
  • Strong project management skills
  • Ability to work well with others, and communicate effectively with all levels of management
  • Must be analytical and embrace technology
  • Rational, pragmatic, and realistic approach to security, risk and compliance
  • Excellent verbal and written communication skills
  • Advanced user of Excel
  • Be self-directed and self-motivated
  • Manage conflicting priorities

And Ideally:

  • Relevant security certifications (SSCP, CISSP, CISA, etc.)
  • Experience in a Big 4 or similar security consulting or risk assurance role
  • Experience conducting audits for or implementing programs such as ISO 27001
  • Experience with privacy
  • Experience with BC & DR Program Development/Management
  • BS, BA in Information Technology, Computer Science, Information Security, or other related

We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels.