Senior Information Security & Compliance Analyst
Location: Kirkland, Washington
This position reports to: Cloud Governance Manager
ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.
We’re disruptive. We work hard but try not to take ourselves too seriously. We are highly adaptable and constantly evolving. We are passionate about our product, and we live for our customers. We have high expectations and a career at ServiceNow means challenging yourself to always be better.
What you get to do in this role:
We’re looking for a highly motivated, collaborative and technically experienced Sr. Information Security & Compliance Analyst with the ability to understand cloud operational and security processes, effectively communicate ServiceNow’s risks, and drive remediation/changes within the organization. The successful candidate should be reliable and resourceful, and have a “can-do” attitude.
You will be a key member of our team and play an important role in defining the Security and Compliance framework for a leading cloud company. In this role you will be required to demonstrate the ability to analyze difficult problems, think outside the box and provide pragmatic solutions and recommendations. ServiceNow’s current cloud compliance initiatives are focused on, but not limited to, ISO 27001, ISO 27018, FISMA, FedRAMP, PCI, SSAE 16, SOC 2, HIPAA, 21 CFR Part 11 and NERC CIP. The Senior Information Security and Compliance Analyst will be involved in driving and measuring compliance for the cloud business systems, control areas, processes, and products for company compliance initiatives.
- Lead or assist with successful completion of risk assessment activities
- Successfully project manage and drive remediation activities across various teams within the organization
- Drive integration of remediation efforts with the risk management process
- Contribute by enhancing and maturing the existing cloud risk frameworks
- Perform regulation and standard gap analysis and prepare summary reports
- Perform activities to help measure and monitor compliance with company policies and procedures
- Facilitate customer requests and information gathering for audit activities
- Help our customers understand ServiceNow’s security and compliance control environment
- Complete customer assessment questionnaires
- Contribute to enhancing our IT GRC tool to meet compliance business needs
- Develop/enhance dashboards for management-level reporting
In order to be successful in this role, we need someone who has:
- 7+ years working in the field of compliance or security
- Prior experience working in the Security and Compliance group at a SaaS/Cloud company or with the Security & Risk practice of a Big 4 firm
- Direct and recent working experience with at least two of the following compliance programs: ISO 27001, PCI, SSAE16, SOC2, HIPAA, 21 CFR Part 11 and FISMA/FedRAMP
- Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, PMP
- Ability to manage security and compliance projects
- Prior experience with IT GRC systems
- Ability to understand the intent of compliance requirements to provide effective and meaningful analysis
- Excellent report writing skills, ability to prepare compliance reports and associated metrics
- Excellent verbal and written communication skills
Location: This job is located at our Kirkland, Washington facility. No telecommuting available.
Candidates must be able to meet all federal government security screening requirements as indicated: Federal security screening requirements call for the applicant to verify U.S. citizenship. Additional customer screening requirements may include items such as, but not limited to, specialized agency background checks (either national or local) and fingerprinting, as well as the ability to obtain a government personnel security clearance.
We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, national origin, protected veteran status, or on the basis of disability.