As the Senior Security and Compliance Analyst, you will be responsible for identifying and monitoring company risk and helping to ensure compliance with changing regulations and security standards. You will be responsible for building and enhancing Trifacta’s security and compliance posture, performing internal security audits, responding to customer security due diligence requests, performing third-party security assessments, and coordinating external annual audits.
This position reports to the VP of Engineering.
- Assist in the analysis and implementation of security requirements.
- Review infrastructure and application architecture for security and compliance; provide actionable guidance to ensure secure infrastructure and application architecture posture.
- Provide technical and quality oversight regarding IT risks, controls and technologies, including ongoing risk assessments, risk decisions, control implementation, evaluation of segregation of duties, and process improvement opportunities
- Collaborate with Technology Compliance on IT Risk Management, IT Vendor Risk management, and the ongoing evaluation and updating of IT Policies and procedures.
- Collaborate with key stakeholders across the organization to ensure that our high-risk vendors are assessed on a frequent basis.
- Implement or manage compliance framework (SOC2, ISO 27001, HIPAA/HITRUST) controls and processes into an actionable, well-understood, and monitorable program where control owners are aware of their ownership of controls.
- Coordinate all internal and external audits
- Communicate security requirements and implications to stakeholders of varying levels and business focus and manage all employee and business process compliance activities for the entire company. Assist in the preparation of executive presentations and participate in recurring security governance oversight meetings.
- Coordinate policy and standard development including ensuring policies/standards remain in sync with operational practices, overseeing the policy/standard change management process and coordinating a policy/standard exception process
- Interact with prospects/customers and support security due-diligence requests. Provide timely, accurate responses to customer inquiries.
- Bachelor’s degree is required in a related field; information systems, computer science, business, finance or accounting preferred
- Minimum experience of five years in internal or external auditing, with emphasis on IT auditing, preferably with larger companies having complex IT environments
- Proven experience with evaluating security and controls on various on-premise and cloud-based technologies
- Experience leading and/or managing the entire audit lifecycle of a certification program for at least two of the following: ISO 27001, HIPAA/HITRUST, SOC 2
- Strong ability to understand, assess and prioritize risks across the components of the IT environment (application, operating system, and database)
- Solid communication skills, including a proven ability to articulate to others outside of Compliance (e.g. Controllership) complex IT risks, their impact, and the required action plans to address those risks
- One or more of the following professional certifications required: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor/Lead Implementer
Our team strives to set a new bar for SaaS-based products with modern, well-designed, real-time apps. We have recently raised our Series-E funding of $100 million. Our product is highly differentiated and has a very strong unique value proposition. Our product is OEMed by Google for a first-class service on GCP (https://cloud.google.com/dataprep/) as well as IBM for Watson Platform (their AI and Data platform).
We operate with a trust-based culture with strong independence and autonomy for teams. We don't operate under artificial deadlines and give every engineer the freedom to do engineering the right way. We operate as a single team and display great teamwork. We believe in creating impact through our work. We offer a learning environment with exposure to a broad range of engineering problem statements and a collaborative setup to solve them well. See https://www.trifacta.com/about-us/ for some more details.
Trifacta is an equal opportunity employer. At Trifacta, we are committed to cultivating a culture of authenticity, inclusion and connectedness. Our diverse voices and backgrounds enrich the Trifacta community with experience, insights, knowledge, innovation and the collective ability to achieve excellence. We respect and value the unique contributions of each individual, creating a safe space for self-expression across ethnicity, race, sex, gender identity, national origin, age, language, education, color, religion, disability, sexual orientation, veteran’s status, opinions, cultures and beliefs. We know that embracing our differences has a multiplying effect and brings out the best of humanity.