Security Compliance Analyst

DataRobot is the leader in enterprise AI, delivering trusted AI technology and enablement services to global enterprises competing in today’s Intelligence Revolution. DataRobot’s enterprise AI platform democratizes data science with end-to-end automation for building, deploying, and managing machine learning models. This platform maximizes business value by delivering AI at scale and continuously optimizing performance over time. The company’s proven combination of cutting-edge software and world-class AI implementation, training, and support services, empowers any organization – regardless of size, industry, or resources – to drive better business outcomes with AI.

With a singular focus on AI since its inception, DataRobot has a proven track record of delivering AI with ROI. DataRobot has offices across the globe and $431 million in funding from top-tier firms, including New Enterprise Associates, Sapphire Ventures, Meritech, and DFJ Growth. For more information, visit www.datarobot.com, and join the conversation on the DataRobot Community, Twitter and LinkedIn.

POSITION SUMMARY:

The Security Compliance Analyst will conduct information security risk assessments, vendor risk assessments against information security standards and requirements. The role requires a strong foundation of information security best practices, the ability to understand and communicate security risks and mitigating controls as well as keeping up with any newly introduced security requirements and keeping the firm up to date on new requirements and standards.

MINIMUM QUALIFICATIONS AND REQUIREMENTS:

Minimum 5 years Cyber & Information security, and IT risk.

In-depth knowledge of third-party vendor risk management and how to perform security assessments.

Comprehensive knowledge of Cyber and Information Security compliance and industry best practices including NIST, ISO 27001, SOX, FEDRAMP, CIS, etc.

Strong understanding of existing and emerging IT security tools and capabilities.

Strong abilities in all areas of communication, ability to interface and explain in layman’s terms information security risks, and requirements to senior staff and colleagues.

Familiarity with reviewing security contract language and interpretation of security clauses.

Good technology generalist, with a good understanding of all aspects of information security safeguards and technical controls and IT architecture.

REQUIRED SKILLS

Self- Starter, strategic thinker, negotiator, and consensus builder.

Strong knowledge of applicable compliance/risk concepts and methodologies

Strong understanding of risk assessments and vendor assessments

Excellent collaborative and influencing skills

Strong program management, project management, and execution and delivery oversight

Attention to detail around controls, metrics, accountability and operational excellence

Good understanding of information security audit standards and best practices

Excellent technical writing and communication skills

Excellent research and analytical skills

GENERAL DUTIES AND RESPONSIBILITIES:

(This is a representative list of the general duties the position may be asked to perform, and is not intended to be all-inclusive)

Lead coordinator of internal and third-party security risk assessments and audits.

Provides recommendation to operational IT and business teams on processes, controls, and objectives around audit and information security activities, best practices and process improvement, and facilitate assessment reporting and remediation activities.

Assist with Information Security Training and Awareness program to include the development of content and changes to content, reporting metrics and scheduling annual training activities.

Maintains Information Security Policy and Standards documentation and manages exception to policy/standard.

Supports daily operational security activities such as responses to member inquiries regarding the information security program as required.

Assist with other functional activities such as data loss prevention and vulnerability scanning, HR, and Legal investigations as needed.

Participates as required in Incident Response activities.

Works with IT and business Management to create clear, actionable plans detailing specific deliverables, timelines, and accountability to resolve information security issues.

Keep informed regarding new and emerging information technology trends including IAM solutions, endpoint protection technologies, web application firewalls, and intrusion prevention, encryption, access control methodologies, IDS/IPS systems, SIEM tools, and network scanners.

Conduct Information Security risk reviews and assessments in support of the Information Security strategy for DataRobot. Plan and schedule specific Information Security assessments of IT systems, business processes, vulnerability identification, and assessment considering executive priorities and business needs and IT resources.

Track Information Security related risks and corresponding action plans with dues dates to ensure that the issues are resolved.

Education: Bachelor’s degree in computer science, engineering, IT security management, risk management, or comparable professional education/training.