Senior Security, Risk, and Compliance Analyst

Alation continues to hire for roles at various locations with all interviewing and on-boarding done virtually due to COVID-19 crisis.Big Data isn’t a problem. It’s an opportunity. At Alation, we help people find, understand, and trust data, so they not only excel in their work — they drive value for their enterprise, team, and role. In the words of one customer, “Alation makes me look like a rockstar.”We help companies like Pfizer, PepsiCo, and Munich Re empower their people with the best data every day. As a platform for innovation, Alation helps customers create game-changing solutions and products (like a program for early-stage disease detection with Pfizer, or a wind farm offering a guaranteed ROI with Munich Re). And we’re just getting started.With more than $217M in funding - valued at $1.2 billion and 350+ customers with household names, Alation is poised to capitalize on data as an opportunity. Headquartered in Silicon Valley, Alation was named to Inc. Magazine’s Best Workplaces list for the third time, and our exceptional Glassdoor rating (4.9 out of 5!) reflects a culture that makes coming to work each day a joy. Do you want to join a team that welcomes new ideas, supports your growth and recognizes your unique value?Join us!Alation is looking for a Senior Security, Risk, and Compliance Analyst to join our US team!

What you'll be doing:

• Enhance the documentation for the Information Security Management System (ISMS)/Privacy Information Management System (PIMS)
• Engage with security and compliance team to ensure the control narratives are fully populated and maintained
• Evaluate the effectiveness of existing controls and propose new controls and processes as appropriate
• Own Security portion of RFPs and RFIs from Alation customers, and coordinate with other departments to obtain answers for questions outside of security, such as those from Engineering and Product
• Conduct Quarterly Access Reviews 
• Assist with the execution of an information security training and awareness program for Alation's employees
• Support the development and communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls
• Plan, schedule, and monitor compliance efforts from inception through delivery
• Perform assessments of security controls and processes to identify gaps and support the implementation of appropriate mitigations
• Understand technical implementation details necessary to assess security risks and design practical security controls
• Assist with risk assessments and treatment plans
• Enable the sales team with customer requests
• Participate in the development and oversight of required corrective action plans relating to security compliance issues
• Enroll new account to KnowBe4 training and assign modules to be completed with 30 days of employment
• Own and manages company-wide Risk Register

You should have:

• 6+ years of experience in security risk management, controls assessment, or configuration management as appropriate for your area of GRC expertise
• Big 4 experience is highly desired
• Strong familiarity with ISO 27001, ISO 27701, and SOC 2, and some familiarity with other relevant security frameworks such as NIST CSF & 800-53, SOX, HITRUST, HIPAA, FedRAMP, PCI, GDPR, CCPA, etc.
• Experience making challenging, complex ideas, concepts, and tasks understandable and appealing to diverse audiences
• Worked with both business and technical risk and understand how to translate between the two and communicate to various levels of technical and business management
• Experience in management reporting and presentations
• Relevant BA/BS degree, graduate degree is a plus
• Technical certifications within the area security and/or compliance are a strong need (CRISC, CISA, or equivalent)
• Knowledge of, or experience working with, Cloud technologies/environments is desired
• Ability to work flexible hours to compensate for the time difference between India and the United States
• Ability to build effective relationship with stakeholders who own and support key third party relationships or Strong stakeholder and relationship management skills
• Strong understanding of Security risks, security compliance assessments and Internal and External Audits. Responding to MSA, DPA, and RFP’s
• Ability to manage BC/DR test planning, execution, training, and maintenance projects for Alations and it’s clients
• Manage Security Awareness activities, coordinate awareness trainings and events
• Exceptional working knowledge of GRC tools: JIRA, OneTrust, confluence, and KnowBe4
• Ability to pivot and thrive in a rapidly changing environment
• Ability to work flexible hours to compensate for the time difference between India and the United States

#LI-RB1More About AlationOur founders have come together from different backgrounds: business, engineering, and design. This unique mix from our founding team is important to the Alation culture story. Today, our team consists of creators and communicators with varied backgrounds - from Stanford, to the Indian Institute of Technology, big companies and one-person startups, the United States, and abroad. We continue to seek ever more diverse perspectives as we grow.We are an equal opportunity employer and value diversity at our company. We do not discriminate onthe basis of race, name, religion, color, national origin, gender identity and expression, sexual orientation, age, marital status, veteran status, or disability status.Why Alation?- Market-Leading Data Catalog Provider- High-growth, collaborative environment with diverse and inclusive teams- Continuous learning, enrichment and development opportunities- Competitive pay and health offerings including commuter benefits- Flexible time off to relax and rechargeand much, much more!