Security and Compliance Analyst
Denver, CO
Applications have closed
Sumo Logic
Sumo Logic provides best-in-class cloud monitoring, log management, Cloud SIEM tools, and real-time insights for web and SaaS-based apps.
As a Security and Compliance Analyst at Sumo Logic, you will join a growing team to design, implement, and coordinate programs to promote user trust and manage risks to their data. You will work with teams across the organization, from Product Development to Sales to Customer Experience, to manage risks to critical assets and users alike. You will work in depth with other parts of the business to ensure Sumo Logic meets our security, privacy, and regulatory commitments.
WHAT YOU’LL BE DOING:
- Work with essential players, performing and improving the current control environment, promoting security awareness and monitoring metrics to measure control effectiveness and other projects based on specialized plans.
- Promote awareness of security and control issues among management and ensure sound principles are reflected in our vision and goals.
- Provide input to the company's annual security risk assessment activities, which include identifying the methodology, information assets, threats and vulnerabilities; evaluating the risks; facilitating the residual risk remediation plan; and following up thereafter.
- Manage the audit for various frameworks from pre-engagement, planning, fieldwork, testing, review, reporting, and risk treatment process.
- Conduct third party security risk assessments as part of onboarding and annually as needed.
- Execute and manage various audit, compliance, and risk assessment programs within GRC tools.
- Coordinate and support the sales team by answering security related questionnaires.
- Improve design and operating effectiveness for internal control systems, processes, and policies.
- Perform other related duties as required.
WHAT YOU BRING:
- Experience building or maintaining programs to mitigate risks around security, privacy, integrity, and availability.
- Familiarity and experience conducting internal audits and assessments of infrastructure running in the public cloud (AWS experience preferred).
- Strong understanding and experience working in multiple compliance frameworks such as PCI DSS, SOC2, ISO 27001, and FedRAMP.
- Familiarity with a broad range of technical concepts relevant to cloud computing environments such as microservices, CI/CD pipeline, containers, secure coding principles, security architecture, information security, network security, privacy, and cloud governance.
- Strong project management and organizational skills - must drive your own projects to completion.
- Ability to work with important players at all levels of the business to determine adherence with regulatory and compliance requirements.
- Great people skills and ability to work well in a fast paced team environment with a wide range of technical and non-technical teams.
- Excellent writing, communication, and organizational skills - strong attention to detail.
- Passion to aim higher and develop new skills.
- Ability to wear different hats, providing security advisory on controls and compliance frameworks while collaborating with the engineering team.
Equal Pay Statement:
The pay range for this role based in Colorado will be $80,000-$120,000 (Base + Commission Target). This role will also include equity and benefits.
ABOUT US
Sumo Logic, Inc. (NASDAQ: SUMO) empowers the people who power modern, digital business. Through its SaaS analytics platform, Sumo Logic enables customers to deliver reliable and secure cloud-native applications. The Sumo Logic Continuous Intelligence Platform™ helps practitioners and developers ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures. Customers around the world rely on Sumo Logic to get powerful real-time analytics and insights across observability and security solutions for their cloud-native applications. For more information, visit www.sumologic.com.
Tags: Analytics Audits AWS CI/CD Cloud Compliance FedRAMP Governance ISO 27001 Microservices Monitoring Network security PCI DSS Privacy Risk assessment SaaS SOC 2 Vulnerabilities
Perks/benefits: Startup environment Team events