3 - 5 Years
April 23, 2018
Security & Compliance Analyst
This position reports to: Sr. Manager, Compliance
ServiceNow is changing the way people work. With a service-orientation toward the activities, tasks and processes that make up day-to-day work life, we help the modern enterprise operate faster and be more scalable than ever before.
We're disruptive. We work hard but try not to take ourselves too seriously. We are highly adaptable and constantly evolving. We are passionate about our product, and we live for our customers. We have high expectations, and a career at ServiceNow means challenging yourself to always be better.
What you get to do in this role:
We're looking for a highly motivated, collaborative and technically experienced Security & Compliance Analyst with the ability to understand cloud operational and security processes, effectively communicate ServiceNow's controls, and support changes within the organization through effective testing. The successful candidate must be reliable, resourceful and have a can-do attitude.
You will be a key member of our team and play an important role in defining the Security and Compliance framework for a leading cloud company. In this role you will be required to demonstrate the ability to analyze difficult problems, think outside the box and provide pragmatic solutions and recommendations. ServiceNow's current compliance initiatives are focused on, but not limited to, ISO 27001, ISO 27018, FedRAMP, PCI, SSAE 18, SOC 2, HIPAA, 21 CFR Part 11, MTCS, IRAP and NERC CIP.
Evaluates the design and effectiveness of common controls based upon industry best practice models (e.g. COBIT, ITIL) in accordance with compliance requirements.
Performs testing activities to help measure and monitor compliance with company policies and procedures.
Assists in the analysis and definition of security requirements.
Participates in external certification and customer audit events, including preparation, sample delivery, onsite facilitation and management response activities.
Participates in internal audit events, including discovery, planning, building, testing and gap identification and prepares summary audit reports.
Participates in vendor security risk assessment audits including discovery, testing, gap identification and summary risk assessment reports.
Candidates must be able to meet all federal government security screening requirements as indicated: Federal security screening requirements call for applicant to verify U.S. Citizenship. Additional customer screening requirements may include items such as, but not limited to: specialized agency background checks (either national or local) and fingerprinting, as well as the ability to obtain a government personnel security clearance.
In order to be successful in this role, we need someone who has:
1+ years working in the field of compliance or audit
Ability to understand the intent of compliance requirements to provide effective and meaningful analysis
Excellent report writing skills, ability to prepare compliance reports
Excellent verbal and written communication skills
Prior experience working in the Security and Compliance group at a SaaS/Cloud company or with the Security & Risk practice of a Big 4 firm preferred
Prior experience with GRC systems preferred
We provide competitive compensation, generous benefits and a professional atmosphere. This is a very collaborative and inclusive work environment where individuals strong on aptitude and attitude will have an opportunity to grow their professional careers through working with some of the most advanced technology and talented developers in the business.