Security Engineer, Risk & Compliance

Sorry, this job was removed at 12:55 p.m. (MST) on Monday, March 2, 2020

Alteryx is hiring a talented Risk and Compliance Security Engineer.  The Risk and Compliance Security Engineer reports to the Vice President of Information Security and Data Privacy and is responsible for maintaining global compliance.

The position lends itself to a collaborative and technically experienced Risk and Compliance Engineer with the ability to understand and implement Risk and Compliance controls via Alteryx’s GRC tool, as well as to effectively communicate Alteryx’s controls to employees, prospects and existing customers. The Engineer will drive remediation/changes within the organization and maintain a reliable, resourceful, customer-service-oriented, can-do attitude.

The Risk and Compliance Security Engineer is a member of the Governance, Risk and Compliance team and will work directly with the Sr. Risk and Compliance Security Engineer in the implementation of Alteryx’s GRC tool. The Risk and Compliance Engineer is a strong contributor responsible for the assessment, creation, and implementation of security policies, standards, methodologies, and processes. In this role, the Risk and Compliance Engineer will be required to demonstrate the ability to analyze difficult problems, think outside the box and provide sound security solutions and recommendations to our internal and external customers. Compliance initiatives are focused on, but not limited to, ISO 27001, ISO 27018, AICPA SOC1 and SOC2, PCI, CSA, HIPAA, and FISMA/NIST/FedRAMP. The Security Engineer will also be involved in driving and measuring internal and 3rd party compliance, as well as validating that processes and actions are aligned with existing policy.

Essential Duties and Responsibilities

  • Strong contributor in the implementation of the ISMS and ISO 27001 framework
  • Strong contributor in the implementation of Alteryx’s GRC tool and risk modules 
  • Owner of the existing Global Security Awareness training program
  • Assess environments and create Risk Mitigation plans as needed
  • Work with Sr. Engineer to create, review, and/or update existing security policies
  • Data Analytics experience working with spreadsheets and large amounts of data
  • Ability to drive integration of remediation efforts with the existing risk management process
  • Assist with successful completion of enterprise certifications and industry/regulatory compliance activities
  • Successfully project manage and drive remediation activities across various teams within the organization
  • Ability to interact with external prospects as well as customer compliance teams
  • Contribute by enhancing and maturing the existing cloud compliance frameworks as needed
  • Assist with activities to measure and monitor compliance with company policies and procedures
  • Facilitate customer requests and information gathering for audit activities (customer external security audits)
  • Ability to review security contract exhibits and provide expert advice to the Legal and Sales teams
  • Approximately 15% of domestic and international travel will be expected of the position
  • Assess third-party vendors for security risks and support assessment process improvements
  • Audit third-party vendors for policy and contract compliance as needed

 

Required Qualifications

  • 5+ years working in the field of Risk and Compliance or Information Security
  • Bachelor’s degree in Information Security and/or Cyber Security or equivalent
  • CISSP certification is required.  CRISC and CCSP are a definite plus
  • Some experience in assessing Cloud Security platforms such as AWS, Azure, and Google Cloud Solutions
  • Experience with 3rd party Vendor Risk Assessments
  • Direct and recent working experience with the following compliance programs: ISO 27001, ISO 27018, SSAE18 SOC1 Type 2/SOC2 Type 2, CSA, HIPAA, and FISMA/NIST/FedRAMP
  • Basic understanding of network security architecture
  • Excellent report writing skills; ability to prepare compliance reports and associated metrics
  • Must be able to effectively communicate technical details and thoughts in non-technical/general terminology
  • Strong detail-oriented organizational, multi-tasking, and time management skills
  • Strong interpersonal skills to effectively interact with customers, team members, other departments, and senior management
  • Team player, a self-starter who takes initiative
  • Has mastered the Security Core concepts:  Inventory Management, Vulnerability Management, Configuration Management, Patch Management, and Risk Assessments

 

Desired Qualifications

  • Prior experience working in the Security and Compliance group of a SaaS/Cloud company or a Security Risk and Compliance practice of a top accounting firm
  • Other relevant professional certifications such as CRISC, CISA, GIAC and PMP
  • Ability to assess and implement a GRC tool which meets internal and external controls

Location

Right at the entrance to the Interlocken Technology Park, our office is easily accessible from Denver and Boulder. You can see the mountains from the office -- need we say more?!
