Security Compliance Analyst
Raleigh, NC
Applications have closed
Who We Are:
Bandwidth (NASDAQ: BAND) is a global communications software company that helps enterprises connect people around the world with cloud-ready voice, messaging and emergency services. Backed by a network reaching 60+ countries covering 90 percent of global GDP, companies like Cisco, Google, Microsoft, RingCentral, Uber and Zoom use Bandwidth's APIs to easily embed communications into software and applications. Bandwidth has more than 20 years in the technology space and was the first Communications Platform-as-a-Service (CPaaS) provider to offer a robust selection of APIs built around our own global network. Our award-winning support teams help businesses around the world solve complex communications challenges every day.
At Bandwidth, your music matters when you are part of the BAND. We celebrate differences and encourage BANDmates to be their authentic selves. #jointheband
What We Are Looking For:
As part of the InfoSec GRC team, the Security Compliance Analyst's core objective is to support Bandwidth’s ISMS, security audits, and other GRC-related functions. The Analyst is expected to have audit knowledge and experience around common security controls for compliance needs, focusing on audit reviews of users, access, roles, privileges, and permissions across complex IT environments. Secondary focus includes involvement in the maintenance and/or support of Bandwidth’s ISMS, including all aspects of GRC (i.e., vendor risk management, policy management, risk management, compliance management, and awareness training). The Analyst is expected to be aware of and actively uphold the enterprise’s security goals as established by its stated policies and program objectives through interfacing with peers in security and across the organization.
What You'll Do:
- Conduct and document security compliance assessments based on a variety of standards.
- Assist with internal and external audits in support of the Information Security program.
- Ability to work with multiple teams to drive reduction in risks and improve overall compliance.
- Perform internal audits to validate completeness and accuracy of the ISMS and security program.
- Support internal audits of contractual and policy controls to validate effectiveness and compliance.
- Perform user access review audits, and summary reporting on a recurring basis.
- Develop remediation and corrective actions as driven by audit results towards compliance within the organization.
- ISMS maintenance activities including regular reviews of information security controls and documentation.
- Assist with awareness training and related records.
- Participate in the ISC (Information Security Committee).
- Participate in audits of vendors and contractors to ensure compliance to security requirements.
- Assist with reviewing, collecting, and creating reports for security compliance and governance needs.
- Participate in and assist with information security incident (IRT) handling, processing, response, and reporting.
- Other duties as assigned.
What You Need:
- College degree in an IT, Information Security or Cyber discipline, or an equivalent combination of education and/or work experience that is focused on IT Security, Risk Management, Data Protection and/or Compliance.
- Minimum 4 years in IT-related roles; 2 years of Information Security and related audit experience required.
- Understanding of common cyber security standards and frameworks.
- Cloud security familiarity and/or experience, AWS preferred.
- Familiarity with Windows and Linux operating systems.
- Knowledge of common security tools: GRC-ISMS, SIEM, scanning (vulns, configs, software, endpoint).
- Experience using common enterprise tools such as Jira, ServiceNow, G-Suite, Workday, Slack.
- Understanding of IT systems, architecture and design in line with common industry best practices.
- Strong analytical skills (logical/critical thinking) assessing and identifying areas of concern, etc.
- Highly motivated; willingness to learn.
- Flexible to move between work streams to help accommodate priorities.
Bonus Points:
- Certifications preferred, but not required for the role.
- Cloud compliance experience for security and privacy.
- Cloud security certification.
- Security or Privacy certifications.
- Business Continuity Plans and Disaster Recovery Plans.
The Whole Person Promise:
At Bandwidth, we’re pretty proud of our corporate culture, which is rooted in our “Whole Person Promise.” We promise all employees that they can have meaningful work AND a full life, and we provide a work environment geared toward enriching your body, mind, and spirit. How do we do that? Well…
- 100% company-paid Medical, Vision, & Dental coverage for you and your family with low deductibles and low out-of-pocket expenses.
- All new hires receive four weeks of PTO.
- PTO Embargo. When you take time off (of any kind!) you’re embargoed from working. Bandmates and managers are not allowed to interrupt your PTO - not even with email.
- Additional PTO can be earned throughout the year through volunteer hours and Bandwidth challenges.
- “Mahalo moments” program grants additional time off for life’s most important moments like graduations, buying a first home, getting married, wedding anniversaries (every five years), and the birth of a grandchild.
- 90-Minute Workout Lunches and unlimited meetings with our very own nutritionist.
Are you excited about the position and its responsibilities, but not sure if you’re 100% qualified? Do you feel you can work to help us crush the mission? If you answered ‘yes’ to both of these questions, we encourage you to apply! You won’t want to miss the opportunity to be a part of the BAND.
Tags: APIs Audits AWS Cloud Compliance Governance ISMS Jira Linux Privacy Risk management SIEM Windows
Perks/benefits: Flex hours Flex vacation Health care Unlimited paid time off