Role: Information Security Compliance Analyst
Reporting to: VP of Security and Compliance
Pivotree architects, builds, hosts and manages a wide range of commerce experiences for well-known domestic and global brands. Customers turn to Pivotree as their trusted partner when they want to grow revenue, increase online and in-store traffic, improve customer experience, grow a loyal customer base, achieve operational efficiencies, and earn higher profits.
Pivotree is a privately held, venture-backed company with an aggressive growth objective including strategic acquisitions. 2018 was a transformational year for Pivotree with the combination of three existing businesses in this sector: Tenzing, ThinkWrap and Spark:Red. Our combined team is made up of a diverse blend of engineers, solution architects, programmers, UI developers, project managers and analysts who work together to create and manage next-generation commerce excellence. We hold ourselves to the very highest standards and our employees take great pride in our accomplishments.
We are currently seeking an Information Security Compliance Analyst to join our growing team. The Information Security Compliance Analyst will be responsible for helping to maintain and administer information security policies, standards, procedures, and associated controls, and for supporting internal and external audits, assessment of policies and controls, and risk identification and analysis. The Information Security Compliance Analyst will participate in the on-call rotation and after-hours work as necessary.
Roles & Responsibilities:
Perform activities to help measure and monitor compliance with company policies, standards, and procedures
Plan and perform recurring security control assessments across company departments, business units and operational locations
Facilitate customer and auditor/assessor requests and information gathering for audit activities, and provide support for onsite audits
Support security compliance initiatives and assessments, including responses to client security organization audits and questionnaires
Assist with successful completion of vendor risk assessment activities
Contribute to enhancing our GRC tool and processes to meet compliance business needs
Support daily work for Pivotree’s risk program, such as:
Intake, triage, and analysis of risks
Partner with risk owners to create and achieve risk treatment plans
Ensure completeness and accuracy of the Risk Register
Drive risk acceptances
Manage JIRA backlog for risk items
KEY SKILLS & COMPETENCIES:
2-3 years of increasing responsibility in IT risk management, information security, or a compliance-related field
Knowledge of IT risk assessment methodologies and frameworks such as NIST 800-30r1 and ISO 31000
Knowledge of IT security and compliance standards including PCI, ISO 27001/27002, and SOC1/SOC2
Prior experience with GRC applications
Ability to interpret information security data and processes to identify potential risks
Ability to work within a globally distributed organization
Excellent time management skills including the ability to prepare, organize priorities independently, and complete work plans
Excellent verbal and written communication skills, including the ability to prepare documentation, policies, and build consensus across a broad group
Ability to clearly and effectively communicate risks, information security and compliance matters to executives, auditors, and end users
CISA, CRISC or other relevant professional certification preferred