Information Security Risk Analyst II

What Are We Looking For?

We are looking for a highly motivated, collaborative, and experienced Information Security Risk Analyst, with a “security throughout” mindset who can balance risk, business drivers, and timelines. Reporting to the Sr. Manager of Governance, Risk & Compliance, this position will be responsible for understanding and supporting the design of SentinelOne's organizational, procedural, and technological security controls within the context of security frameworks applicable to SentinelOne.

What Will You Do?

• Evaluate relevant global standards, compliance frameworks, and regulations to analyze existing controls, identify areas for improvement, and design control growth.
• Participate in information security pre-sales and post-sales support cycles.
• Maintain an up-to-date pre-sales packet - knowledge base of all security-related questions and responses.
• Work with the Legal team to review and respond to information security requirements in customer MSAs / contracts / SOWs.
• Review and respond to customer security questionnaires, RFPs / RFIs, and external security inquiries.
• Participate in internal security and compliance programs and track recurring controls, such as IRAP, SSAE 18 SOC 2, ISO 27001/27002, CSA STAR, PCI DSS.
• Configure, update, and manage the GRC platform.
• Provide assistance during internal and external audits and evidence collection.
• Participate in defining, collecting, and tracking various security metrics.

What Skills and Knowledge Should You Bring?

• 3+ years of experience working in information security or compliance.
• Working experience with ISO 27001, SSAE 16/18 SOC 2, CSA STAR, PCI DSS, and other applicable regulatory compliance frameworks.
• Experience working with security controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness and Training, BC/DRP, etc.
• Ability to communicate effectively - in writing and verbally - to target audiences, including customers, partners, auditors, executive management, vendors, and peers.
• Experience working with both technical and non-technical teams.
• Ability and desire to understand the intent of requirements, and provide effective recommendations.
• Ability to prioritize in a highly-dynamic work environment.
• Bachelor’s degree in computer science, information technology or information security.
• Relevant certifications (e.g. ISO 27001 LA/LI, CISA, CISM, CISSP, CEH, CCSK, etc.)
• Ability to assess and pragmatically define scope and relevant controls.