This position can be hired remotely anywhere within the U.S.
Optiv is the leading security solutions provider creating confidence in a more connected world. Optiv’s corporate security team, reporting to the CISO, is tasked with protecting company resources and client data in a dynamic industry with expanding threats, and has an exciting role open on the Governance, Risk, and Compliance (GRC) team. The Senior Security Compliance Analyst will report directly to the Director of Governance and Compliance. This position is responsible for leading the collection and analysis of key performance metrics, conducting internal audits and assessments, and leading third-party risk assessments and internal risk management reviews to help ensure the confidentiality, integrity, and availability of Optiv’s data and systems. The Senior Security Compliance Analyst must possess strong analytical skills, research capabilities, and attention to detail to ensure Optiv can efficiently and effectively handle its compliance requirements. This position is customer-facing, with frequent collaboration and interaction with all Optiv business units and external customers.
How you'll make an impact
- Lead all phases of internal and external risk assessments and security audits.
- Lead client third-party risk assessment requests to facilitate business transactions and maintain strategic business relationships.
- Positively interact with internal Optiv business units to develop standardized risk assessment responses for external clients.
- Independently perform security compliance assessments to determine if business systems are aligned with regulatory requirements, industry standards, best practices and all corporate information security policy, procedures, and standards.
- Actively review, test, analyze and report on the effectiveness and state of all required security controls.
- Monitor and report on the status of compliance activities and remediation efforts, escalating risk issues as needed.
- Provide recommendations to improve the effectiveness and efficiency of our risk-based audit program to ensure that it is repeatable, sustainable, and cost effective.
- Establish ongoing relationships with business managers and key functional stakeholders.
- Stay informed of new compliance regulations, assist in the assessment of the impact to the organization, and collaborate to ensure compliance.
- Share experience, knowledge, and ideas with management and co-workers to maintain a kind and respectful team-based environment.
- Actively participate in preparation of statements of work (SOW), where needed, and participate in budget discussions.
- Promote a corporate culture that is committed to Governance, Risk, and Compliance, and information security best practices.
- Conduct technical compliance and control audits of firewalls, routers, servers, endpoints, cloud resources, etc.
What we're looking for
- An undergraduate degree in IT, Cyber Security, or other relevant major and 3-5 years of relevant work experience
- Proficient working with a variety of technology platforms (Microsoft, Apple, Linux, Azure, AWS, GCP) and common business applications such as MS Office, Teams, Zoom, etc.
- Experience working in compliance scanning tools, such as Tenable, Wiz, Axonius, or other security tools
- Excellent interpersonal, verbal, and written communication, presentation, and problem-solving skills
- Passionate about security, client satisfaction, and process improvement
- Able to work with minimal supervision, take initiative and follow through on assignments
- Capable of working multiple tasks of varying priorities while maintaining tight deadlines
- Good understanding of security governance, compliance, and risk management principles
- A GRC or cybersecurity related certification such as CGRC, CRISC, CISA, CISSP, etc.
- Familiarity and experience with common standards, frameworks, and regulations, including NIST, ISO, COBIT, SIG, CCM, SOC-2, FAIR, HITRUST, PCI, SOX, CMMC, FEDRAMP, and GDPR
- Ability to travel (minimal travel anticipated)
- 5+ years of experience in GRC, audit, and conducting technical risk assessments
- Experience building processes and/or working in prevalent GRC management platforms, such as ServiceNow, Diligent, LogicGate, etc.
- Possess and demonstrate a strong understanding of control assessment techniques
- Solid business acumen and judgment to evaluate issues/problems of high complexity
- Experience leading internal audits and risk assessments
What you can expect from Optiv
- A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
- Work/life balance
- Professional training resources
- Creative problem-solving and the ability to tackle unique, complex projects
- Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remotely/from home (where applicable)
EEO Statement
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity or expression, sexual orientation, pregnancy, age 40 and over, marital status, genetic information, national origin, status as an individual with a disability, military or veteran status, or any other basis protected by federal, state, or local law.
Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, see our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.