InfoSec Compliance Analyst
SentinelOne was formed by an elite team of cyber security and defense experts from IBM, Intel, Check Point, Cylance, McAfee, and Palo Alto Networks. SentinelOne is shaping the future of endpoint security through its unified, converged platform that automatically prevents, detects and responds to threats in real-time. Our unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviors, protecting devices against advanced, targeted threats in real time.
What are we looking for?
We are looking for a highly motivated, collaborative and experienced InfoSec Compliance Analyst with a security throughout mindset who can balance risk, business drivers and timelines. This position will be responsible for understanding and supporting the design of SentinelOne's organizational, procedural and technological security controls within the context of the security frameworks applicable to SentinelOne. The selected employee will help implement, automate, document and maintain controls while supporting and responding to inquiries from internal and external stakeholders.
- Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth.
- Participate in internal security and compliance program and track recurring controls.
- Help support customer security reviews, RFPs and external security and privacy inquiries.
- Help support internal/external audits and evidence collection.
- Document new and update existing policies, procedures, standards and resources
- Participate in Security awareness program, train personnel on data security & privacy related processes and responsibilities
- Participate in defining, collecting and tracking various Security Metrics
- Support vendor management, including vendor risk assessments and security reviews
- 2-3 years of experience working in information security or compliance
- Work experience with ISO 27001 compliance standard
- Experience working with Security Controls across at least some of the following domains: Access Management, Encryption, Risk Management, Network Security, Configuration Management, Patch Management, Change Management, Awareness & training, BC/DRP, etc.
- Ability to balance risk, potential impact, resourcing, business drivers, and timelines
- Ability to work closely with cross-functional stakeholders
- Ability to communicate effectively, in writing and verbally, to target audiences, including customers, partners, auditors, executive management, vendors, and peers
- Experience working with both technical and non-technical teams
- Ability and desire to understand the intent of requirements and provide effective recommendations
- Ability to prioritize in a highly dynamic work environment
- Advanced degree in computer science, information technology or Information security
- Relevant certifications (e.g., ISO 27001 LA/LI, CISA, CISM, CISSP, CEH, CCSK, etc.)
- Experience with, and strong understanding of, at least several of the following security compliance frameworks, controls, and best practices: ISO 27001/27002, FedRAMP, SOC 2, OWASP Top 10, HIPAA, PCI DSS, NIST 800-53, GDPR, and other applicable regulatory compliance frameworks
- Ability to assess and pragmatically define scope and relevant controls
- Strong desire to learn and continuously develop and deepen technical skills
This is a rare opportunity to work with some of the best infosec minds on the internal security of a kickass information security company! You’ll be working in an industry leading high-tech cybersecurity company within Information Security Team. Our global teams are at the front line of defense against cyberattacks, combining unmatched cyber security knowledge! We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving security gaps that inhibit our privacy.
You will work on real-world problems and make an impact by protecting our customers from cyber threats. You will be joining a cutting-edge project and will be able to influence the architecture, design, and structure of our core platform. You will tackle extraordinary challenges and work with the very BEST in the industry.
- Medical, Vision, Dental, 401(k), Commuter, and Dependent FSA
- Unlimited PTO
- Paid Company Assigned Holidays
- Paid Sick Time
- Weekly catered lunch
- Gym membership reimbursement
- Cell phone reimbursement
- Numerous company-sponsored events including regular happy hours and team building events
SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.