Sr. Global Security Compliance Analyst
San Mateo, CA, USA
Applications have closed
Snowflake Inc.
We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration.
Snowflake is seeking a Senior Security Compliance Analyst to join our Global Security Compliance & Risk team and help drive compliance across Product Engineering & Corporate IT systems.
The Sr. Security Compliance Analyst will be a critical, high-impact individual contributor who helps control owners comply with required controls and monitors the effectiveness of those controls. This role will report to the Security Compliance Manager within the Security and IT organizations.
JOB RESPONSIBILITIES:
- Support Snowflake business teams in achieving and maintaining their security and compliance posture in accordance with regulatory requirements including but not limited to Sarbanes Oxley (SOX), SOC, ISO 27001, ISO, HIPAA, PCI-DSS, HITRUST, FedRAMP, etc. Validate ongoing compliance of policies and processes/procedures in support of requirements and ensure that controls are operating effectively.
- Responsible for quality and on-time execution of periodic audit activities such as change management review, SDLC review, audit of the release process and CI/CD, segregation of duties, etc.
- Support and monitor remediation efforts of audit findings and validate the closure by reviewing relevant evidence.
- Conduct risk assessments and identify compliance control requirements for cloud-based systems.
- Review architecture, integrate compliance and security into solution designs, assess risks of security gaps, and develop remediation plans. Perform follow-up activities to remediate gaps and drive remediation efforts.
- Develop a close partnership with engineering control owners to educate them on compliance requirements and develop risk-appropriate control implementation solutions.
- Review, develop, execute, and maintain security policies and procedures for compliance
- Work on automating control monitoring across compliance domains like Change Management, Secure Development Lifecycle, etc.
- Identify process improvements and efficiencies in the existing processes to build robust processes, automate compliance and drive implementation of effective controls.
- Serve as the primary point of contact working closely with cross-functional teams (Engineering, Product Security, IT, and Corporate Security) to identify risks to the business, the product, and other relevant areas.
- Work cross-functionally to drive security control implementation for the organization.
- Have the ability to identify risks associated with business processes, operations, information security programs and technology projects.
QUALIFICATIONS:
- 8+ years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry. Big 4 consulting experience is a plus.
- Must have a minimum of 2-3 years of experience supporting and driving SOX (or ISO, SOC, PCI DSS) readiness and audit (e.g. control design review, control operating effectiveness audit, assessment write-ups and control documentation review, audit evidence upload, supporting audit walkthroughs with auditors, etc.)
- Prior experience auditing or performing compliance assessments/risk assessments for cloud environments (AWS, Azure, GCP) and SaaS platforms
- Knowledge of domains like Change Management, Release, Deployment, SOD, SDLC, Logging, and Encryption controls for systems using Agile methodologies.
- Familiarity with Change Management tools like Jenkins, GitHub, JIRA, ServiceNow, ArgoCD
- Knowledge of developer-driven risk, security, and compliance processes
- Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms
- Ability to organize, conduct and drive meetings and outcomes with little to no manager involvement. Must be aware of and deliver a quality stakeholder engagement experience.
- Ability to work efficiently and independently in a fast-paced, innovative environment
- Strong analytical, communication (verbal and written), and project management skills
- Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
- Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
- Ability to multitask and manage simultaneous projects
Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.
How do you want to make your impact?
Tags: Agile Audits AWS Azure CISA CISM CISSP Cloud Compliance Encryption FedRAMP GCP GitHub Governance HIPAA HITRUST ISO 27001 Jira Monitoring PCI DSS Product security Risk assessment SaaS SDLC SOC
Perks/benefits: Team events