Security Compliance Analyst, GRC

Who We Are:

At Bandwidth, your music matters when you are part of the BAND. We celebrate differences and encourage BANDmates to be their authentic selves. #jointheband

What We Are Looking For:

As part of the Infosec GRC team, the Security Compliance Analyst's core objective is to support Bandwidth's ISMS, security audits, and other GRC related functions. The Analyst is expected to have audit knowledge and experience around common security controls for compliance needs. Focusing on audit reviews of users, access, roles, privileges, and permissions across complex IT environments. Secondary focus includes involvement in the maintenance and/support of Bandwidth's ISMS including all aspects of GRC (ie; vendor risk management, policy management, risk management, compliance management, and awareness training). The Analyst is expected to be aware of and actively uphold the enterprise's security goals as established by its stated policies and program objectives through interfacing with peers in security and across the organization.

What You'll Do:

• Conduct and document security compliance assessments based on a variety of standards.
• Assist with internal and external audits in support of the Information Security program.
• Ability to work with multiple teams to drive reduction in risks and improve overall compliance.
• Perform internal audits to validate completeness and accuracy of the ISMS and security program.
• Support internal audits of contractual and policy controls to validate effectiveness and compliance.
• Perform user access review audits, and summary reporting on a recurring basis.
• Develop remediation and corrective actions as driven by audit results towards compliance within the organization.
• ISMS maintenance activities including regular reviews of information security controls and documentation.
• Assist with awareness training and related records.

What You Need:

• College degree in an IT or Information Security, Cyber discipline or other equivalent combination of education and/or work experience that is focused on IT Security, Risk Management, Data Protection and/or Compliance.
• Minimum 4 years in IT related roles; 2 years of Information Security and related audit experience required.
• Understanding of common cyber security standards and frameworks.
• Cloud security familiarity and/or experience,
• Familiarity of Windows and Linux operating systems.
• Knowledge of common security tools; GRC-ISMS, SIEM, scan (vulns, configs, software, endpoint).
• Experience using common enterprise tools such as Jira, Servicenow, G-Suite, Workday, Slack.
• Understanding of IT systems, architecture, design, towards common industry best practices.

Bonus Points:

• Cloud compliance experience for security and privacy.
• Cloud security certification.
• Security or Privacy certifications.
• Business Continuity Plans and Disaster Recovery Plans.
• General IT, Cyber Security, and Compliance work. Desirable; AWS Cloud Security and Compliance.

The Whole Person Promise: