InfoSec - Risk & Compliance Analyst Worldwide
Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases. Founded in 2012 by the people behind the Elasticsearch, Kibana, Beats, and Logstash open source projects, Elastic's global community has more than 80,000 members across 45 countries, and since its initial release. Elastic's products have achieved more than 100 million cumulative downloads. Today thousands of organizations, including Cisco, eBay, Dell, Goldman Sachs, Groupon, HP, Microsoft, Netflix, The New York Times, Uber, Verizon, Yelp, and Wikipedia, use the Elastic Stack, X-Pack, and Elastic Cloud to power mission-critical systems that drive new revenue opportunities and massive cost savings. Elastic is backed by more than $104 million in funding from Benchmark Capital, Index Ventures, and NEA; has headquarters in Amsterdam, the Netherlands, and Mountain View, California; and has over 800 employees in more than 30 countries around the world.
We are looking for a Senior Security Risk and Compliance Analyst to join the Information Security Team at Elastic. If you are someone that has a passion for the process of improvement, automation, and efficiency; and loves the fast pace of DevOps culture, then this is the job for you. This is a new role focused on developing and improving our internal risk & compliance processes at Elastic primarily in the fields of information security and data privacy.
- Audit and Compliance:
- Assess, formulate and monitor internal compliance requirements primarily in the fields of infoSec and data privacy in which you will work towards process efficiency and fit whenever possible.
- Manage audit requirements and deliverables for multiple compliance audits related to certification under various security standards (e.g. ISO 27001, SOC 2, etc.) and/or customer data privacy assessments (GDPR).
- Work on 3rd party risk assessments and compliance requirements for our vendor risk program and manage the review cycle.
- Assist with development and implementation of policies and procedures that align with ISO 27001 standards and with data processing standards applicable to Elastic’s processing of personal data under GDPR.
- Work with stakeholders to coordinate remediation projects as required and report on progress to management.
- Customer interaction:
- Support potential clients and customers by answering inquiries about Elastic’s data privacy and security and compliance practices.
- Coordinate responses to customer questionnaires by working with internal Elastic stakeholders.
- Optimize the program for efficiency.
- Work effectively with partners in IT, Finance, Legal, Engineering, and Product to assess security compliance requirements and recommend policies & practices in support of the company’s compliance initiatives.
- Demonstrate ability to engage at sufficient technical depth with our products.
- As a member of the InfoSec team, your position may include other responsibilities in the information security program such as assisting with vulnerability scan remediation, and updating risk assessments.
- Assist with coordinating security and privacy awareness training throughout Elastic.
- BA or BS or a higher degree in a technical field (e.g. EE, CS)
- 2+ years experience working on compliance audits for SaaS platforms, including SOC 2 type 2 and/or ISO 27001.
- 3 years of meaningful work experience across engineering and IT organizations, including security incident response, threat analytics, security operations, and security risk management.
- Working knowledge of common audit and compliance tools and requirements.
- Demonstrated ability to operate effectively at a dynamic company and embrace change.
- Technical aptitude and extreme attention to detail
- Excellent spoken and written communication skills
- Familiarity with GitHub
Preferred skills and experience:
- Experience with or comfortable in Factor Analysis of Information Risk (FAIR)
- CISA, CRISC, CISSP, CCSP, CIPP, or similar certification.
- Experience with Open Source and the Elastic Stack.
- Familiarity with cloud technologies (such as AWS, Azure, and GCP).
We're looking to hire team members invested in realizing the goal of making real-time data exploration easy and available to anyone. As a distributed company, we believe that diversity drives our vibe! Whether you're looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life.
- Competitive pay based on the work you do here and not your previous salary
- Stock options
- Global minimum of 16 weeks of paid in full parental leave (moms & dads)
- Generous vacation time and one week of volunteer time off
- Your age is only a number. It doesn't matter if you're just out of college or your children are; we need you for what you can do.
Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.
Vacancy page : https://boards.greenhouse.io/elastic/jobs/1274807