Security Compliance Risk Analyst

We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration.

ROLE 

Global Security Compliance & Risk Analyst - Pune

DESCRIPTION

Snowflake is seeking a Senior Security Compliance Analyst to join our Global Security Compliance & Risk team and help drive compliance across Product Engineering and Corporate Engineering. 

The Sr. Security Compliance Analyst will be a critical and high-impact individual contributor who would maintain and scale Snowflake’s User Access Review program and guide control owners to follow security and compliance best practices along with monitoring effectiveness of the controls. This role will report to the Security Compliance Manager within the Security and IT organizations. 

JOB RESPONSIBILITIES

• Manage and scale Snowflake’s User Access Review (UAR) program
• On a quarterly basis, ensure that all participating systems in the UAR program are prepared for review (coordinating with UAR Automation platform team to ensure the necessary data is loaded), configure and launch the campaigns in scope for that quarter, plan and conduct training for reviewers, manage communications to the participants and ensure closure and documentation of the end state for each participating system
• Identify and engage with participating system partners across the company to ensure readiness and engagement for regular UARs
• Produce and maintain data reporting, analysis, dashboards, and scorecards in support of overall UAR program health, execution, and closure documentation
• Gather feedback from all participants and reviewers to improve the UAR process and enhance Snowflake’s home-grown UAR automation platform. Manage training sessions for reviewers and participants during the execution of a review cycle
• Collaborate closely with internal stakeholders to ensure compliance across various systems as well as interact with auditors to provide audit assurance. 
• Work closely with system partners to document system-based RBAC documentation and review access provisioning processes against the RBAC in order to identify areas of improvement or enhanced control monitoring with the objective of reducing security risk. 

QUALIFICATIONS

• 3-5 years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry. Big 4 consulting experience is a plus.
• Prior experience managing or supporting user access review (UAR) programs.
• Prior experience assessing or auditing cloud environments (AWS, Azure, and GCP), performing compliance assessments , conducting risk assessments and / or driving audits like SOX,ISO, SOC, PCI DSS
• Ability to multitask and manage simultaneous projects
• Ability to organize, conduct and drive meetings and outcomes independently.  Must be aware of and deliver quality stakeholder engagement experience in a fast-paced, innovative environment
• Strong analytical, communication (verbal and written), and project management skills
• Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
• Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms such as AWS, Azure or GCP

LOCATION

• Pune, ability to support US time zone