Sr. Global Security Compliance & Risk Analyst
San Mateo, CA, USA
We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration.
Snowflake is seeking a Senior Security Compliance Analyst to join our Global Security Compliance & Risk team and help drive compliance across Product Engineering and Corporate Engineering.
The Sr. Security Compliance Analyst will be a critical and high-impact individual contributor who would guide control owners to follow security and compliance best practices along with monitoring effectiveness of the controls. This role will report to the Security Compliance Manager within the Security and IT organizations.
JOB RESPONSIBILITIES :
- Support Snowflake business teams to achieve and maintain their security and compliance posture in accordance with regulatory requirements including but not limited to Sarbanes Oxley (SOX), SOC, ISO 27001, ISO, HIPAA, PCI-DSS, HITRUST, FedRAMP, etc. Validate on-going compliance of policies and process / procedures in support of requirements and ensure that controls are operating effectively.
- Conduct risk assessments, identify compliance control requirements for cloud based systems
- Review architecture, integrate compliance and security into solution designs, assess risks of security gaps, and develop remediation plans. Perform follow up activities related to remediation of gaps , and drive remediation efforts.
- Develop a close partnership with engineering and IT control owners to educate them on compliance requirements and develop risk-appropriate control implementation solutions.
- Advise IT and Engineering teams on security and compliance best practices to govern Snowflake’s identity and access ecosystem.
- Be innovative and always think about ways to reduce manual audit processes. Partner with various automation teams to drive automated control monitoring and evidence collection.
- Advise process/control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
- Work closely with system partners to document system-based RBAC documentation and review access provisioning processes against the RBAC in order to identify areas of improvement or enhanced control monitoring with the objective of reducing security risk.
- Identify process improvements and efficiencies in the existing processes to build robust processes, automate compliance and drive implementation of effective controls.
- Serve as primary point of contact to work closely with cross functional teams - Engineering/ product security/ IT/ corporate security teams to identify risk to the business/ product and other areas necessary
- Collaborate closely with internal stakeholders to ensure compliance across various systems as well as interact with auditors to provide audit assurance.
- 8+ years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry.
- Prior experience leading access governance or assurance programs
- Prior experience assessing or auditing cloud environments (AWS, Azure, and GCP), SaaS platforms, performing compliance assessments , conducting risk assessments and / or driving audits like SOX,ISO, SOC, PCI DSS
- Knowledge of key IAM focus areas, including identity management solutions, access revocation, entitlements management and reconciliation, and account monitoring. Understanding of identity and authentication principles and technologies.
- Understanding of access requests, approvals, and certification controls
- Ability to work independently, manage multiple priorities, and work on multiple projects. Excellent organizational skills and critical attention to detail and deadlines
- Ability to organize, conduct and drive meetings and outcomes independently. Must be aware of and deliver quality stakeholder engagement experience in a fast-paced, innovative environment
- Strong analytical, communication (verbal and written), and project management skills
- Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
- Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms such as AWS, Azure or GCP
- Demonstrated ability to self-direct project outcomes, with minimal supervision to achieve goals
- Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
- US, ability to support , attend meetings with Poland / Pune based team as required
* Salary range is an estimate based on our salary survey 💰
Tags: Audits Automation AWS Azure CISA CISM CISSP Cloud Compliance FedRAMP GCP Governance HIPAA HITRUST IAM ISO 27001 Monitoring PCI DSS Product security Risk assessment SaaS SOC
Perks/benefits: Team events
More jobs like this
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open SOC Analyst jobs
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open IT Security Analyst jobs
- Open Head of Information Security jobs
- Open Cyber Hunt SME jobs
- Open Security Consultant jobs
- Open Lead Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Security Operations Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Penetration Tester jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Director of Information Security jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Governance-related jobs
- Open Risk assessment-related jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open DevSecOps-related jobs
- Open IAM-related jobs
- Open CISM-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Forensics-related jobs
- Open CI/CD-related jobs
- Open Java-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Malware-related jobs
- Open OWASP-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs