What are the responsibilities and job description for the InfoSec Compliance Analyst position at Informatica?
Reporting to the Senior Manager of Information Security Governance and Compliance, the Senior Analyst will play a critical role in Informatica’s Governance and Compliance program and will be responsible for information security risk, governance and compliance duties in support of Informatica's cloud services.
Our Ideal Candidate:
- Lead and conduct Information Security Unified Control Reviews to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures.
- Assist in the evolution of security policies and procedures.
- Support our cloud-hosted and on-premise environments to ensure they meet regulatory and industry guidelines and security best practices.
- Assist the compliance team with reviewing and tracking outstanding information security audit findings, especially as they relate to policy, procedures and risk gaps.
- Assess, document and support the implementation of IT internal controls as part of ongoing compliance efforts (e.g., SOX, AICPA SOC 2, HIPAA/HITECH, ISO/IEC 27001, etc.).
- Ensure effective and efficient control design, implementation and testing procedures.
- Ensure all risk gap findings are documented, classified and addressed with appropriate action as per the standards.
- Ability to express technical concepts in business terms; communicate with senior management on security requirements and provide recommendations.
- Active participation in driving education and awareness of Information security-related risks to Business Units, Users, IT Teams and reviewing the Information Security Controls implemented in the organization.
Knowledge and Requirements:
- Bachelor's degree in the field of Information Security, Computer Science or highly related program
- 4-6 years' experience required
- Relevant experience in corporate security management and security governance framework control assessments
- Excellent written and verbal communication, and stakeholder management skills
- Experience and understanding of regulatory requirements and guidelines (e.g., FedRAMP, SOX, SOC2, ISO 27001, PCI DSS, HIPAA, etc.).
- Ability to identify opportunities to reduce the organization’s overall security risk posture and escalate issues to management and senior management where required.
- Ability to effectively coordinate with internal security and business groups to ensure compliance with Informatica’s policies, internal and external regulatory requirements, government regulations and security best practices
- Skilled in creating and generating metric reports that can provide meaningful context to drive informed decisions
- Desired certifications: CISSP, CRISC, CISA, CISM, or related GIAC