Informatica is currently looking for a Sr. INFOSEC Compliance Analyst with experience in Enterprise and Product Governance and Compliance to join our team in Austin, Texas.
Reporting to the Information Security Governance, Compliance and Privacy Protection Senior Manager, the Senior INFOSEC Compliance Analyst will play a critical role in Informatica’s Governance and Compliance program and will be responsible for information security risk, governance and compliance duties in support of Informatica's cloud services.
The Senior INFOSEC Compliance Analyst will be establishing and nurturing business relationships with cross-departmental stakeholders to help drive maturity, capability, and scale Informatica’s ability to establish and maintain customer trust.
What You’ll Do
Assess, validate, document and support the implementation of internal controls as part of ongoing compliance efforts (e.g., IRAP (the Information Security Registered Assessors Program, Australia), SOX, AICPA SOC 2, HIPAA/HITECH, ISO27001, etc.) for Informatica’s product services and enterprise
Identify and report control nonconformities that affect Informatica’s strategic compliance objectives and make recommendations to stakeholders aimed at reducing the likelihood of control failure.
Assist the compliance team with reviewing and tracking outstanding information security findings and remediations, especially as they relate to policy, procedures and risk gaps
Participate in driving education and awareness of information security-related risks among business, users and IT teams, and in reviewing the information security controls implemented in the organization.
Participate in making recommendations to ensure effective and consistent control implementations and testing procedures to achieve Continuous Monitoring and Continuous Audit capabilities
Lead and conduct Information Security Unified Control Reviews to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures.
Bachelor’s degree in the field of Information Security, Computer Science or other information technology related discipline
4-6 years' experience in information security or a related domain
Understanding and experience with IRAP, SOX, SOC2, ISO 27001, HIPAA
Experience in evaluating technical, physical, and administrative control implementations across cloud environments such as GCP, Azure, AWS
Desired certifications: CISSP, CRISC, CISA, CISM, or related GIAC
What Does Success Look Like?
You utilize your compliance background and skills to help Informatica attain regulatory compliance attestations such as SOX, IRAP and SOC2, and implement a common control framework that will be leveraged to enforce and assess continuous compliance across Informatica’s enterprise functions and the product offerings.
Nice to Have
Working knowledge of cloud security control frameworks, concepts, deployment architectures, and responsibility models
Ability to translate technical concepts into business terms
Excellent written and verbal communication, and stakeholder management skills
Ability to identify opportunities to reduce risks impacting the organization's security posture and escalate issues to management and senior leadership where required
Skilled in creating and generating status and metrics reports that provide meaningful context to drive informed decisions
Attention to detail and a self-starter with the ability to work independently, multi-task, and adjust to shifting business priorities