https://lh7-us.googleusercontent.com/docsz/AD_4nXedqLXVBlEilV6IZVWjfRqiXD7s65jnanrW9ho2iMG2RoZAem2QB0p7HktBnRgFcd5nMpmikg8VIYSlTVVD3GlwXKhIEoCvw3KgWsfsnxqu1E_p0Q5kVK22rNyCoNsDaVv3h_J415bbyELsrUdi860vDxf5?key=S7wCuwVWC2Yoq8SOXwgCDg" height="21" style="margin-left: 7.6430287px;margin-top: 0.0px;" />
Information Security Analyst - Governance, Risk, and Compliance (GRC)
*Currently we are only considering candidates in the following locations:
Georgia
Michigan
- Minnesota
- Maryland
Massachusetts
Ohio
New York
North Carolina
South Carolina
Virginia
Who We Are:
CrashPlan® provides peace of mind through easy-to-use, automatic endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity. We continue to innovate as the landscape of work evolves, which makes CrashPlan foundational to organizations’ data security. What starts as endpoint backup and recovery becomes a solution for ransomware recovery, breaches, migrations, and legal holds.
What You Will Be Doing:
We are recruiting for a Information Security Analyst - GRC to join our team. As a key member of the CrashPlan Information Security Team, you will be supporting the governance, risk management and compliance functions. We believe in smart security and in your role you will look for meaningful ways to manage risk, ensure compliance, and work with teams to implement better security practices.
Key Responsibilities:
Developing and implementing policies, procedures and controls to manage risks and ensure compliance with applicable regulations
Conducting security and privacy risk assessments and identifying potential risks and security consulting engagements
Monitoring compliance with regulations and industry standards (e.g. SOC2, ISO 27001, PCI-DSS, NIST 800-53, GDPR)
Conducting internal audits to ensure compliance with regulations and industry standards
Managing the compliance reporting process
Maintaining reporting and tracking for identified information security and privacy risks and working closely with risk owners to remediate
Executing periodic business continuity and disaster recovery testing
Supporting external audits, gathering and reviewing evidence, interfacing with auditors (e.g. SOC2, ISO 27001))
Prioritizing risks efficiently and appropriately; challenging assumptions and methodologies
Developing and maintaining cross-functional partnerships, and partnering with SMEs to determine appropriate risk-based remediation strategies
What You Bring:
Required Qualifications:
Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or related discipline and/or equivalent experience
3+ years professional experience in a similar role
Knowledge of/experience working with NIST 800-53, SOC2, ISO 27001, PCI-DSS and/or other relevant security frameworks
Knowledge of/experience conducting risk assessments, risk management frameworks, governance and Policy management
Strong analytical and problem solving skills
Strong communication skills and a relationship focused approach
Preferred Qualifications:
Experience with FedRAMP/StateRAMP and GDPR/ Privacy frameworks and conducting risk assessments and impact analysis
One or more information security or privacy certifications (e.g. CISSP, CISM, CIPP)
The base salary range for this position is $87,000 - $110,000. This position is eligible for an annual bonus based on individual and company performance in addition to a full range of benefits. Final compensation will be dependent on various factors relevant to the position and the candidate such as geographical location, candidate qualifications, certifications, relevant job-related work experience, education, skillset and other relevant business and organizational factors, consistent with applicable law. This information is provided per the relevant state and local pay transparency laws for the location in which this position will be performed.