Sr. Global Security Compliance & Risk Analyst

We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration.

Snowflake is seeking a Senior Security Compliance Analyst to join our Global Security Compliance & Risk team and help drive compliance across Product Engineering and Corporate Engineering. 

The Sr. Security Compliance Analyst will be a critical and high-impact individual contributor who would guide control owners to follow security and compliance best practices along with monitoring effectiveness of the controls. This role will report to the Security Compliance Manager within the Security and IT organizations.

JOB RESPONSIBILITIES :

• Support Snowflake business teams to achieve and maintain their security and compliance posture in accordance with regulatory requirements including but not limited to Sarbanes Oxley (SOX), SOC, ISO 27001, ISO, HIPAA, PCI-DSS, HITRUST, FedRAMP, etc. Validate on-going compliance of policies and process / procedures in support of requirements and ensure that controls are operating effectively.
• Conduct risk assessments, identify compliance control requirements for cloud based systems
• Review architecture, integrate compliance and security into solution designs, assess risks of security gaps, and develop remediation plans. Perform follow up activities related to remediation of gaps , and drive remediation efforts.
• Develop a close partnership with engineering and IT control owners to educate them on compliance requirements and develop risk-appropriate control implementation solutions.
• Advise IT and Engineering teams on security and compliance best practices to govern Snowflake’s identity and access ecosystem. 
• Be innovative and always think about ways to reduce manual audit processes. Partner with various automation teams to drive automated control monitoring and evidence collection.
• Advise process/control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
• Work closely with system partners to document system-based RBAC documentation and review access provisioning processes against the RBAC in order to identify areas of improvement or enhanced control monitoring with the objective of reducing security risk. 
• Identify process improvements and efficiencies in the existing processes to build robust processes, automate compliance and drive implementation of effective controls.
• Serve as primary point of contact to work closely with cross functional teams - Engineering/ product security/ IT/ corporate security teams to identify risk to the business/ product and other areas necessary 
• Collaborate closely with internal stakeholders to ensure compliance across various systems as well as interact with auditors to provide audit assurance.

QUALIFICATIONS :

• 8+ years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry. 
• Prior experience leading access governance or assurance programs
• Prior experience assessing or auditing cloud environments (AWS, Azure, and GCP), SaaS platforms, performing compliance assessments , conducting risk assessments and / or driving audits like SOX,ISO, SOC, PCI DSS
• Knowledge of key IAM focus areas, including identity management solutions, access revocation, entitlements management and reconciliation, and account monitoring. Understanding of identity and authentication principles and technologies.
• Understanding of access requests, approvals, and certification controls
• Ability to work independently, manage multiple priorities, and work on multiple projects. Excellent organizational skills and critical attention to detail and deadlines
• Ability to organize, conduct and drive meetings and outcomes independently.  Must be aware of and deliver quality stakeholder engagement experience in a fast-paced, innovative environment
• Strong analytical, communication (verbal and written), and project management skills
• Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
• Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms such as AWS, Azure or GCP
• Demonstrated ability to self-direct project outcomes, with minimal supervision to achieve goals
• Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts

LOCATION:

• US, ability to support , attend meetings with Poland / Pune based team as required