Senior Security Analyst - GRC

New York City, NY - USA

Applications have closed

Senior Security Analyst - Governance Risk and Compliance (GRC)

This position can be located in New York, NY / Pittsburgh, PA / Bay Area, CA

COMPANY OVERVIEW

A “Magic Quadrant” leader, Ivalua’s solutions work in a complex global economy.  Our innovative Source-to-Pay solutions include automating customized workflows to source, contract, request, procure, receive, and pay for goods and services across the enterprise, refining the procurement lifecycle while reducing cost and risk of spending on indirect goods, direct goods, and services, and improving supplier collaboration.

All companies want the best and brightest. At Ivalua, we also want team members who have a global point of view and who bring customer-focused enthusiasm and ambition to the table. We are a company of doers, of problem solvers, of figure-it-outers. We have fun and we work hard.  Ivalua is a truly global company with a diverse team of contributors and a set of core values that people can feel every day across all our offices.

Our team works hard, plays hard, and enjoys our ping-pong tournaments at lunchtime! We are passionate, creative, focused, and collaborative.

Key Responsibilities:

  • Lead various security audits/certifications/self-assessments, including SOC1/SOC2, HIPAA, NIST 800-53, ISO27001, PCI, FedRAMP, etc.

  • Coordinate and manage customer security audits

  • Coordinate and manage self-initiated security/access audits

  • Lead and manage Security Awareness and Training program

  • Lead and perform Vendor Security Assessments

  • Own and manage InfoSec related policies, standards, and plans

  • Assist the sales and bid-desk team in effectively responding to prospects’ InfoSec questions

  • Work closely with IT and Business functions to enhance and test Disaster Recovery and Business Continuity Program 

  • Work closely with the IT and Security Operations team to enhance and test Security Incident Response Plan

Skills, Abilities, Experience & Qualifications:

  • Bachelor’s Degree in a related field or equivalent experience

  • Strong working knowledge of a broad range of audit and Information Security frameworks

  • Experience in executing audits against some of the InfoSec frameworks such as NIST 800-53, ISO27001, PCI, FedRAMP, SOC1/SOC2 and HIPAA

  • Excellent interpersonal, communication and organizational skills

  • Relevant audit and/or Information Security certifications (e.g., CISSP, CISA, CISM, CRISC) are desired

  • Team player with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors

  • High degree of initiative, dependable and able to work well with limited supervision


Tags: Audits CISA CISM CISSP Compliance CRISC FedRAMP Governance HIPAA Incident response ISO 27001 NIST Security assessment SOC 1 SOC 2

Region: North America
Country: United States