Information Security Analyst, Risk Management & Compliance

Security United States

Information Security Analyst, Risk Management & Compliance - 100% REMOTE


Who We Are:

CrashPlan® provides peace of mind through easy-to-use, automatic endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity. We continue to innovate as the landscape of work evolves, which makes CrashPlan foundational to organizations’ data security. What starts as endpoint backup and recovery becomes a solution for ransomware recovery, breaches, migrations, and legal holds. 


Position Summary:

We are recruiting for an Information Security Analyst, Risk Management & Compliance to join our team. As a key member of the CrashPlan Information Security Team, you will support the risk management and compliance functions. We believe in smart security, and in your role you will look for meaningful ways to manage risk, ensure compliance, and work with teams to implement better security practices.

Key Responsibilities:

  • Conducting security and privacy risk assessments and security consulting engagements
  • Conducting information security assessments of third-party vendors
  • Maintaining reporting and tracking for identified information security and privacy risks and working closely with risk owners to remediate
  • Conducting periodic business continuity and disaster recovery testing 
  • Responding to customer and prospect security questions related to CrashPlan's products and security posture
  • Supporting information security compliance audits and initiatives (e.g. SOC2, ISO 27001, PCI-DSS, FedRAMP)
  • Prioritizing risks efficiently and appropriately; challenging assumptions and methodologies
  • Developing and maintaining cross-functional partnerships, and partnering with SMEs to determine appropriate risk-based remediation strategies

Required Qualifications:

  • Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or related discipline and/or equivalent experience
  • 3+ years professional experience in a similar role
  • Knowledge of/experience working with NIST 800-53, ISO 27001 and other relevant security frameworks 
  • Experience leading SOC2, FedRAMP, ISO 27001 compliance audits and initiatives 

Preferred Qualifications:

  • Experience with GDPR and CCPA and conducting risk assessments and impact analysis
  • One or more information security or privacy certifications (e.g. CISSP, CISM, CIPP)


CrashPlan values workplace diversity and ensuring an environment of mutual respect. Employment opportunities are available to all applicants without regard to race, color, creed, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability, genetic information, or any other category protected by law. We believe that diversity and inclusion are critical to our success, and we seek to recruit, develop, and retain the most talented people from a diverse candidate pool. We are proud to be an equal opportunity employer.