Security Compliance Analyst

Raleigh, NC

Applications have closed

Who We Are:

Bandwidth (NASDAQ: BAND) is a global communications software company that helps enterprises connect people around the world with cloud-ready voice, messaging and emergency services. Backed by a network reaching 60+ countries covering 90 percent of global GDP, companies like Cisco, Google, Microsoft, RingCentral, Uber and Zoom use Bandwidth's APIs to easily embed communications into software and applications. Bandwidth has more than 20 years in the technology space and was the first Communications Platform-as-a-Service (CPaaS) provider to offer a robust selection of APIs built around our own global network. Our award-winning support teams help businesses around the world solve complex communications challenges every day.

At Bandwidth, your music matters when you are part of the BAND. We celebrate differences and encourage BANDmates to be their authentic selves. #jointheband

What We Are Looking For:

As part of the InfoSec GRC team, the Security Compliance Analyst's core objective is to support Bandwidth’s ISMS, security audits, and other GRC-related functions. The Analyst is expected to have audit knowledge and experience around common security controls for compliance needs, focusing on audit reviews of users, access, roles, privileges, and permissions across complex IT environments. Secondary focus includes involvement in the maintenance and/or support of Bandwidth’s ISMS, including all aspects of GRC (i.e., vendor risk management, policy management, risk management, compliance management, and awareness training). The Analyst is expected to be aware of and actively uphold the enterprise’s security goals as established by its stated policies and program objectives through interfacing with peers in security and across the organization.

What You'll Do:

  • Conduct and document security compliance assessments based on a variety of standards.
  • Assist with internal and external audits in support of the Information Security program.
  • Work with multiple teams to drive reduction in risks and improve overall compliance.
  • Perform internal audits to validate completeness and accuracy of the ISMS and security program.
  • Support internal audits of contractual and policy controls to validate effectiveness and compliance.
  • Perform user access review audits, and summary reporting on a recurring basis.
  • Develop remediation and corrective actions as driven by audit results towards compliance within the organization.
  • ISMS maintenance activities including regular reviews of information security controls and documentation.
  • Assist with awareness training and related records.
  • Participate in the ISC (Information Security Committee).
  • Participate in audits of vendors and contractors to ensure compliance to security requirements.
  • Assist with reviewing, collecting, and creating reports for security compliance and governance needs.
  • Participate and assist with information security incidents (IRT), handling, processing, response, and reporting.
  • Other duties as assigned.

What You Need:

  • College degree in an IT, Information Security, or Cyber discipline, or other equivalent combination of education and/or work experience that is focused on IT Security, Risk Management, Data Protection and/or Compliance.
  • Minimum 4 years in IT related roles; 2 years of Information Security and related audit experience required.
  • Understanding of common cyber security standards and frameworks.
  • Cloud security familiarity and/or experience, AWS preferred.
  • Familiarity with Windows and Linux operating systems.
  • Knowledge of common security tools: GRC-ISMS, SIEM, scanning (vulnerabilities, configurations, software, endpoint).
  • Experience using common enterprise tools such as Jira, ServiceNow, G-Suite, Workday, Slack.
  • Understanding of IT systems, architecture, and design in line with common industry best practices.
  • Strong analytical skills (logical/critical thinking) for assessing and identifying areas of concern, etc.
  • Highly motivated; willingness to learn.
  • Flexible to move between work streams to help accommodate priorities.

Bonus Points:

  • Certifications preferred, but not required for the role.
  • Cloud compliance experience for security and privacy.
  • Cloud security certification.
  • Security or Privacy certifications.
  • Business Continuity Plans and Disaster Recovery Plans.

The Whole Person Promise: 

At Bandwidth, we’re pretty proud of our corporate culture, which is rooted in our “Whole Person Promise.” We promise all employees that they can have meaningful work AND a full life, and we provide a work environment geared toward enriching your body, mind, and spirit. How do we do that? Well…

  • 100% company-paid Medical, Vision, & Dental coverage for you and your family with low deductibles and low out-of-pocket expenses.
  • All new hires receive four weeks of PTO.
  • PTO Embargo. When you take time off (of any kind!) you’re embargoed from working. Bandmates and managers are not allowed to interrupt your PTO - not even with email.
  • Additional PTO can be earned throughout the year through volunteer hours and Bandwidth challenges.
  • “Mahalo moments” program grants additional time off for life’s most important moments like graduations, buying a first home, getting married, wedding anniversaries (every five years), and the birth of a grandchild.
  • 90-Minute Workout Lunches and unlimited meetings with our very own nutritionist.

 

Are you excited about the position and its responsibilities, but not sure if you’re 100% qualified? Do you feel you can work to help us crush the mission? If you answered ‘yes’ to both of these questions, we encourage you to apply! You won’t want to miss the opportunity to be a part of the BAND.
