Security Compliance Analyst
Raleigh, NC
Bandwidth
Who We Are:
Bandwidth (NASDAQ: BAND) is a global communications software company that helps enterprises connect people around the world with cloud-ready voice, messaging and emergency services. Backed by a network reaching 60+ countries covering 90 percent of global GDP, companies like Cisco, Google, Microsoft, RingCentral, Uber and Zoom use Bandwidth's APIs to easily embed communications into software and applications. Bandwidth has more than 20 years in the technology space and was the first Communications Platform-as-a-Service (CPaaS) provider to offer a robust selection of APIs built around our own global network. Our award-winning support teams help businesses around the world solve complex communications challenges every day.
At Bandwidth, your music matters when you are part of the BAND. We celebrate differences and encourage BANDmates to be their authentic selves. #jointheband
What We Are Looking For:
As part of the Infosec GRC team, the Security Compliance Analyst's core objective is to support Bandwidth’s ISMS, security audits, and other GRC-related functions. The Analyst is expected to have audit knowledge and experience around common security controls for compliance needs, focusing on audit reviews of users, access, roles, privileges, and permissions across complex IT environments. A secondary focus is involvement in the maintenance and support of Bandwidth’s ISMS, including all aspects of GRC (i.e., vendor risk management, policy management, risk management, compliance management, and awareness training). The Analyst is expected to be aware of and actively uphold the enterprise’s security goals as established by its stated policies and program objectives through interfacing with peers in security and across the organization.
What You'll Do:
- Conduct and document security compliance assessments based on a variety of standards.
- Assist with internal and external audits in support of the Information Security program.
- Work with multiple teams to drive reduction in risks and improve overall compliance.
- Perform internal audits to validate completeness and accuracy of the ISMS and security program.
- Support internal audits of contractual and policy controls to validate effectiveness and compliance.
- Perform user access review audits and summary reporting on a recurring basis.
- Develop remediation and corrective actions as driven by audit results towards compliance within the organization.
- ISMS maintenance activities including regular reviews of information security controls and documentation.
- Assist with awareness training and related records.
- Participate in the ISC (Information Security Committee).
- Participate in audits of vendors and contractors to ensure compliance to security requirements.
- Assist with reviewing, collecting, and creating reports for security compliance and governance needs.
- Participate in and assist with information security incidents (IRT): handling, processing, response, and reporting.
- Other duties as assigned.
What You Need:
Education: College degree in an IT, Information Security, or Cyber discipline, or an equivalent combination of education and/or work experience focused on IT Security, Risk Management, Data Protection and/or Compliance.
Certifications preferred, but not required for the role.
Experience: Minimum 4 years in IT related roles; 2 years of Information Security and related audit experience required.
Knowledge: Understanding of common cyber security standards and frameworks.
Skills:
- Cloud security familiarity and/or experience, AWS preferred.
- Familiarity with Windows and Linux operating systems.
- Knowledge of common security tools: GRC-ISMS, SIEM, scanning (vulnerabilities, configurations, software, endpoint).
- Experience using common enterprise tools such as Jira, ServiceNow, G-Suite, Workday, Slack.
- Understanding of IT systems, architecture, and design in line with common industry best practices.
- Strong analytical skills (logical/critical thinking) assessing and identifying areas of concern, etc.
- Highly motivated; willingness to learn.
- Flexible to move between work streams to help accommodate priorities.
Bonus points:
Experience:
- Cloud compliance experience for security and privacy.
- Cloud security certification.
- Security or Privacy certifications.
- Business Continuity Plans and Disaster Recovery Plans.
Knowledge: General IT, Cyber Security, and Compliance work. Desirable: AWS Cloud Security and Compliance.
Skills: Strong focus and attention to detail. Analytical and critical thinking (an ‘auditor’ mindset). Good verbal/written communication.
The Whole Person Promise:
At Bandwidth, we’re pretty proud of our corporate culture, which is rooted in our “Whole Person Promise.” We promise all employees that they can have meaningful work AND a full life, and we provide a work environment geared toward enriching your body, mind, and spirit. How do we do that? Well…
- 100% company-paid Medical, Vision, & Dental coverage for you and your family with low deductibles and low out-of-pocket expenses.
- All new hires receive four weeks of PTO.
- PTO Embargo. When you take time off (of any kind!) you’re embargoed from working. Bandmates and managers are not allowed to interrupt your PTO – not even with email.
- Additional PTO can be earned throughout the year through volunteer hours and Bandwidth challenges.
- “Mahalo moments” program grants additional time off for life’s most important moments like graduations, buying a first home, getting married, wedding anniversaries (every five years), and the birth of a grandchild.
- 90-Minute Workout Lunches and unlimited meetings with our very own nutritionist.
Are you excited about the position and its responsibilities, but not sure if you’re 100% qualified? Do you feel you can work to help us crush the mission? If you answered ‘yes’ to both of these questions, we encourage you to apply! You won’t want to miss the opportunity to be a part of the BAND.
Tags: APIs Audits AWS Cloud Compliance Governance ISMS Jira Linux Privacy Risk management SIEM Windows
Perks/benefits: Flex hours Flex vacation Health care Unlimited paid time off