Description:
The Principal, Security Compliance Analyst will have the opportunity to make meaningfully contributions to the OpenText Compliance Program in accordance with various security frameworks, including and not limited to SOC1/2/3, ISO 27001, ISO27017, FedRAMP, SWIFT, HIPAA, and SOC2+HITRUST frameworks. The Principal Security Analyst plays a key role in the continued development and maturity of an ever-growing Security Compliance Program that supports the delivery of compliance certifications and customer security requirements. In this role, you will be involved in managing and sustaining the various compliance programs by working collaboratively with Product, Cloud Operations, internal teams, auditors and other stakeholders.
You Are Great At
- Partner with OpenText stakeholders strategically to increase the Compliance outreach and impact within the company, and better support customer security certification requirements.
- Collaborate with Product teams to develop new product and compliance certification strategies to support customer commitments.
- Collaborate with Cloud Operation teams to identify key controls with common ownership, and develop a shared technology report for efficient audit testing across multiple business units and product lines, supporting the “test once, report many” compliance strategy.
- Develop metrics and dashboards for reporting on assigned compliance programs.
- Collaborate cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of compliance readiness and audit execution.
- Track and maintain the overall compliance scope, including products and services that are within audit scope.
- Influence and Interface with external auditors, articulating control implementation and impact, and establishing considerations for applying security and compliance concepts to a technical cloud environment.
- Identify and track process improvement efforts, and articulate impact to customers and contractual commitments.
- Participating in, or potentially leading, gap assessment, compliance readiness, and compliance monitoring activities.
What It Takes
- 7+ years of experience in IT audit and/or compliance, with a concentration on leading multiple, simultaneous audit engagements in large Cloud Service Provider environment, encompassing multiple frameworks.
- Familiar with Information Security principles, knowledge of IT processes (e.g. Change Management, Incident Management, Risk Management, Network and System Administration).
- Experience collaborating with non-compliance professionals, advocating and educating the organization on compliance values and requirements.
- Ability to independently research and translate new security frameworks and requirements into impact and effort estimates for the compliance delivery team.
- Understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for compliance assessments.
- Experience leading preparation for and/or managing assessment activities (ISO 27001, SOC reporting, HIPAA/HITRUST, etc.) for assigned cloud services through assessment planning, assessment fieldwork, and final report delivery.
- Strong technical, analytical, interpersonal, communication and writing skills.
- Ability to work both independently and within a global team environment.
- Strong personal characteristics as demonstrated by the following: achievement-oriented, self-controlled, self-confident, collaborative, flexible, approachable, and dedicated.
- Required industry standard certifications (CISSP, CISA) or equivalent.
- Bachelor’s Degree in Information Technology, Business or related vocations.