Senior Information Security Analyst
Tenable seeks to hire a hands-on Senior Risk and Compliance Analyst to join its InfoSec-Risk and Compliance team. This role will help drive the compliance and assurance efforts for our products and cloud services. Additionally, they will assist with responding to external vendor risk assessments, security assessments, and audit requests.
We are searching for a candidate who knows both sides of the audit and assessment process; how to test controls and how to design them. The candidate will review the design of existing controls and offer ideas on improving and consolidating those controls, educating and informing others within the organization, and identifying opportunities for improvements in existing processes.
- Serve as the primary lead for maintaining FedRAMP Authorization Package, FedRAMP annual audits
- Assists in the development and execution of the internal compliance program including preparation for audits, certifications, and risk assessments
- Assists in developing, administering, and ongoing compliance monitoring of internal security controls
- Serves as a company representative with prospects, customers, and partners by assisting with completing security questionnaires, assessments, and audits
- Work with Sales, Engineering, Information Security, IT, and Product Development teams to convey compliance obligations and requirements
- Optimize risk management, control, and compliance activities
- Educate stakeholders on their responsibilities
- Acts as a consultant and SME for internal departments with all things FedRAMP, 800-171 (and other frameworks, processes, etc as required)
- Coordinate and participate in internal and external audit walkthroughs
- Help guide and perform remediation of issues identified during third-party assurance or internal reviews
- Support special projects as required
What you'll need:
- Experience with a 3PAO or CSP going through the FedRAMP process
- Knowledge of governance, risk and compliance frameworks such as NIST CSF
- Experience interpreting industry and regulatory requirements and authoring supporting controls
- Experience performing or undergoing internal and external audits
- Experience achieving or maintaining certifications such as: FedRAMP, SOC2, ISO 27001, SOX etc.
- 3+ years of experience performing information security and risk assessments based upon industry accepted standards
- 4+ years of experience in compliance, information security, assurance, internal controls or risk management
- 4+ years of experience with implementation, monitoring, and reporting of control processes, documentation, and remediation items
- Ability to operate independently and understand all the requirements
- Strong project management skills
- Ability to work well with others, and communicate effectively with all levels of management
- Must be analytical and embrace technology
- Rational, pragmatic, and realistic approach to security, risk and compliance
- Excellent verbal and written communication skills
- Advanced user of Excel
- Be self-directed and self-motivated
- Manage conflicting priorities
- Relevant security certifications (SSCP, CISSP, CISA, etc)
- Experience in a Big 4 or similar security consulting or risk assurance role
- 3PAO experience
- Experience conducting audits for or implementing programs such as FedRAMP
- Experience with privacy
- Experience with BC & DR Program Development/Management
- BS, BA in Information Technology, Computer Science, Information Security, or other related
If you’ve reached this point in the job description and feel you’re still not sure if you should apply…Just do it! We know there are no perfect applicants. You may not have 100% of all those bullets listed above - and that’s okay. If you’re feeling like you’re not going to fit in with our teams - that’s not okay. We're One Tenable which means however you identify and whatever background you bring with you, we encourage you to submit an application if it’s a role you can be passionate about doing every day.
We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels.