Senior / Security Compliance Risk Analyst (CIA)

Pune, Maharashtra, India | May 1, 2024

We’re at the forefront of the data revolution, committed to building the world’s greatest data and applications platform. Our ‘get it done’ culture allows everyone at Snowflake to have an equal opportunity to innovate on new ideas, create work with a lasting impact, and excel in a culture of collaboration.

Snowflake is seeking a Senior Security Compliance Specialist to join our Global Security Compliance & Risk team and help drive compliance across Product Engineering & Corporate systems. 

The Sr. Security Compliance Specialist will be a critical, high-impact individual contributor who helps control owners comply with required controls and monitors the effectiveness of those controls. This role will report to the Security Compliance Manager within the Security and IT organizations.

JOB RESPONSIBILITIES

  • Conduct Compliance Risk Assessments / Compliance Impact Assessments (CIA) of cloud-based applications to determine the impact of new projects/changes on the security & compliance posture of the organization.
  • Request and analyze the documentation necessary to perform an appropriate assessment, and conduct the interviews needed to collect and review relevant materials and produce the results of the assessment.
  • Review architecture, integrate compliance and security into solution designs, assess risks of security gaps, and develop remediation plans. Perform follow-up activities to remediate gaps and drive remediation efforts.
  • Achieve and maintain security and compliance posture in accordance with information security standards and regulatory requirements including but not limited to Sarbanes-Oxley (SOX), SSAE18, ISO 27001, HIPAA, PCI-DSS, HITRUST, FedRAMP, etc.
  • Support annual and ongoing compliance audits (including IT SOX controls) and facilitate testing by coordinating with internal audit, external auditors, IT management, process owners and control owners. Serve as the primary point of contact and develop trusted relationships with control owners across Corporate IT and Product Engineering.
  • Validate on-going compliance of policies and process / procedures in support of requirements and ensure that controls are operating effectively.
  • Work with Engineering and Corporate teams to test, monitor and automate controls for areas like Change Management, SDLC, Configuration Management, Logging, etc.
  • Identify process improvements and efficiencies in the change management, vulnerability management, and Logging & Monitoring areas to build robust policies and drive implementation of effective controls.
  • Review change and release processes of in-scope systems to identify risks and areas of improvement.
  • Help automate manual audit activities to proactively identify, evaluate and monitor potential compliance violations and findings using data analytics and SQL.
  • Work on identifying and addressing risks from the Software Supply Chain.
  • Conduct risk assessments, identify risks and compliance control requirements for engineering projects
  • Develop a close partnership with engineering control owners to educate and inform them around priority and importance of compliance requirements, ability to translate requirements into engineering language and priorities, and continuously work with them to develop business and risk-appropriate control implementation solutions while balancing engineering and business priorities with compliance needs.
  • Assist with integrating policy and regulatory compliance requirements into the organization’s processes (e.g., SDLC, Change Management, etc.).
  • Support and monitor remediation efforts of audit findings and deficiencies and validate the closure by reviewing relevant evidence.
  • Assist with development of technical security risk and compliance documentation to create repeatable audit artifacts. Assist with review and updates to compliance policies and procedures. 
  • Work cross-functionally to drive security control implementation for the organization.
  • Have the ability to identify risks associated with business processes, operations, information security programs and technology projects.

QUALIFICATIONS

  • 7+ years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry. Big 4 consulting experience is a plus.
  • Must have a minimum of 2-3 years of experience supporting and driving SOX (or ISO, SOC, PCI DSS) readiness and audit (e.g. control design review, control operating effectiveness audit, assessment write-ups and control documentation review, audit evidence upload, supporting audit walkthroughs with auditors, etc.)
  • Prior experience auditing, performing compliance assessments, and conducting risk assessments for major SaaS platforms against control requirements
  • Prior experience managing security compliance audits of cloud environments (AWS, Azure, and GCP) against SOX ITGCs, SOC1 & 2, ISO 27001, PCI DSS, NIST 800-53, etc.
  • Experience in conducting risk assessments
  • Experience in testing and monitoring Change Management, Release, deployment, SOD, SDLC controls for systems using Agile Methodologies.
  • Familiarity with Change Management tools like Jenkins, GitHub, JIRA, ServiceNow
  • Ability to organize, conduct and drive meetings and outcomes with little to no manager involvement. Must be aware of and deliver quality stakeholder engagement experience.
  • Ability to work efficiently and independently in a fast-paced, innovative environment
  • Strong analytical, communication (verbal and written), and project management skills
  • Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
  • Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
  • Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms such as AWS, Azure or GCP
  • Ability to multitask and manage simultaneous projects

Snowflake is growing fast, and we’re scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake. 

How do you want to make your impact?
