Job Title: Senior Security & Compliance Analyst
Location: Santa Clara, CA (Jay St.)
This position reports to: Compliance Manager
ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.
We’re disruptive. We work hard but try not to take ourselves too seriously. We are highly adaptable and constantly evolving. We are passionate about our product, and we live for our customers. We have high expectations and a career at ServiceNow means challenging yourself to always be better.
What you get to do in this role:
We’re looking for a highly motivated, collaborative and technically experienced Senior Security & Compliance Analyst with the ability to understand and influence cloud operational and security processes, effectively communicate ServiceNow’s controls, including their intent, and drive changes within the organization through effective testing. The successful candidate must be reliable, resourceful and have a “can-do” attitude.
You will be a key member of our team and play an important role in defining the Security and Compliance framework for a leading cloud company. In this role you will be required to demonstrate the ability to analyze difficult problems, think outside the box and provide pragmatic solutions and recommendations.
ServiceNow’s current compliance initiatives are focused on, but not limited to, ISO 27001, ISO 27018, ISO 27017, PCI, SSAE 18, SOC 2, HIPAA, 21 CFR Part 11, MTCS, IRAP, VPAT and ISO 9001. The Senior Security & Compliance Analyst will be involved in driving and measuring compliance for the cloud business systems, control areas, processes, and product for company compliance initiatives.
- Perform activities to help measure and monitor compliance with company policies and procedures
- Facilitate customer and certifier requests and information gathering for audit activities and lead onsite audits
- Lead or assist with successful completion of vendor risk assessment activities
- Successfully project manage and drive testing activities across various teams within the organization
- Contribute by maintaining, enhancing and maturing the existing common control framework
- Contribute in enhancing our GRC tool and processes to meet compliance business needs
In order to be successful in this role, we need someone who has:
- Minimum 5 to 7+ years working in the field of compliance or audit
- Direct and recent working experience with at least two of the following compliance programs: ISO 27001, ISO 27018, ISO 27017, PCI, SSAE 18, SOC 2, HIPAA, 21 CFR Part 11, MTCS, IRAP, VPAT, ISO 9001, Privacy
- Prior experience of working in the Security and Compliance group at a SaaS/Cloud company or with Security & Risk practice of a Big 4 firm
- Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, PMP
- Strong organizational skills, attention to detail and ability to multitask
- Prior experience with GRC systems
- Ability to understand the intent of compliance requirements to provide effective and meaningful analysis
- Excellent verbal and written communication skills, including report writing
- Ability to work effectively with other members of the GRC organization, including a remote team, to drive results
We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.