IT SOX Compliance Analyst - Remote

Do you love challenges? Are you passionate about security and love implementing regulatory standards? Does educating and communicating the benefits of a systematic approach to security programs interest you? You want to be at the edge of learning new technologies, cloud frameworks and integrations? Do you feel like contributing to a common goal and being part of a group of people who work together with respect, mutual support and clear strategic goals? Then the BigCommerce Governance Risk Compliance & InfoSec team is calling. The number one thing our customers care about is Information Security. The person who accepts this challenge will be able to make a large impact on the maturity of our Information Security Management System. In this role, you’ll be helping guide the work to make BigCommerce a shining example of security best practices. 

The work involves supporting our compliance programs, working with our teams to implement risk improvement processes and projects. BigCommerce is committed to being a leader in Information Security in the ecommerce space. Your skills and your passion for protecting data and ensuring compliance will be a large factor in BigCommerce’s future success.

What you’ll do:

• Function as a representative of Information Security leading by example, being diplomatic yet firm, fair, flexible and consistent in deploying industry-standard information security best practices and applicable laws, regulations, and policies.
• Educate control owners on the quarterly user access review and annual role review processes 
• Facilitate the quarterly user access reviews by obtaining user lists, uploading data into SailPoint and monitoring status for effective completion 
• Complete all quarterly user access reviews by the 30 day deadline from the external auditors 
• Facilitate the annual role review by working with control owners to obtain permission lists and partnering with external parties for completion 
• Proactively communicate status of reviews and escalate challenges encountered 
• Create documentation of the quarterly user access review and annual role review processes including necessary steps, common pitfalls and recommendations for future iterations 
• Work with HR to obtain new user and termination listings 
• Assisting in the development and tracking of control recommendations for corrective action/improvement. 
• Stay abreast of current issues and obtain continuing education and training.
• Participate in special projects and perform other duties as requested.
• Maintain up-to-date knowledge about audit controls and techniques

Who You Are:

• 3+  years of relevant experience in a technology environment.
• Experience with translating business requirements into project implementation plans and validation, including user acceptance testing.
• Excellent verbal and written communication skills 
• Passion about process improvement and removing friction from systems
• Direct experience with audit and compliance frameworks, e.g., SOX, PCI, etc.
• Experience with auditors and the evidence collection process
• Experience with the design and testing of IT security controls in a managed hosting and/or Software-as-a-Service environment
• Experience in building relationships across business functions, locations, and technical stakeholders.
• Self-direction, attention to detail with a passion to solve practical problems while dealing with a number of variables.
• Ability to present ideas/solutions and communicate clearly, concisely, and accurately with others at all levels of the organization.
• Experience in reading the culture of a company, adjusting your style and adapting as needed.
• Collaborative, upbeat work ethic where you both take ownership and have fun.
• Able to meet deliverables and drive your work to completion within specified timelines

**Please submit your resume in English for review. **

• Fluent in English