Information Security Analyst, Policy and Governance

Security United States

Information Security Analyst, Policy and Governance - 100% REMOTE

Who We Are:

CrashPlan® provides peace of mind through easy-to-use, automatic endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity. We continue to innovate as the landscape of work evolves, which makes CrashPlan foundational to organizations’ data security. What starts as endpoint backup and recovery becomes a solution for ransomware recovery, breaches, migrations, and legal holds. 

Position Summary:

We are recruiting for an Information Security Analyst, Policy and Governance  to join our team.  As a key member of the CrashPlan Information Security Team, you will be supporting the policy, governance and compliance functions. We believe in smart security and in your role you will look for meaningful ways to manage risk, ensure compliance, and work with teams to implement better security practices.

Key Responsibilities:

  • Maintaining, implementing and maturing information security policies, standards and procedures 
  • Creating and facilitating information security training and awareness content and initiatives
  • Maintaining privacy standards and policies
  • Conducting information security and privacy risk assessments and conducting gap analysis 
  • Tracking and reporting on information security, compliance and privacy risks 
  • Leading information security compliance audits and initiatives (e.g. SOC2, ISO 27001, PCI-DSS, FedRAMP)
  • Prioritizing risks efficiently and appropriately; challenging assumptions and methodologies
  • Developing and maintaining cross-functional partnerships, and partnering with SMEs to determine appropriate risk-based remediation strategies

Required Qualifications:

  • Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or related discipline and/or equivalent experience
  • 3+ years professional experience in a similar role
  • Knowledge of/experience working with NIST 800-53, ISO 27001 and other relevant security frameworks 
  • Experience leading SOC2, FedRAMP, ISO 27001 compliance audits and initiatives 
  • Ability to prioritize and complete multiple tasks on tight deadlines

Preferred Qualifications:

  • Experience with GDPR and CCPA and conducting risk assessments and impact analysis
  • One or more information security or privacy certifications (e.g. CISSP, CISM, CIPP)

CrashPlan values workplace diversity and ensuring an environment of mutual respect. Employment opportunities are available to all applicants without regards to race, color, creed, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability, genetic information, or any other category protected by law. We believe that diversity and inclusion are critical to our success, and we seek to recruit, develop, and retain the most talented people from a diverse candidate pool. We are proud to be an equal opportunity employer