Alteryx is hiring a talented Information Security Engineer.  The Information Security Engineer reports to the Vice President of Information Security and Data Privacy.   Basic responsibilities lie with third party vendor assessments, cloud security, business continuity management and customer security questionnaires.

The position lends itself to a collaborative and technically experienced Security Engineer with the ability to understand and implement security controls as well as to effectively communicate Alteryx’s controls to third-party vendors, existing customers, prospects and employees.  The Engineer will drive remediation/changes within the organization and maintain a reliable, resourceful, customer service and can-do attitude. 

The Information Security Engineer is a member of the Information Security organization and will work directly with the Risk and Compliance team, the Cyber Security team (Incident Response), the IT Cloud team, 3rd party vendors and customers.  The Engineer is a strong contributor responsible for the assessments and mitigations.  In this role, the Engineer will be required to demonstrate the ability to analyze difficult problems, think out-of-box and provide sound security solutions and recommendations to our internal and external customers. Compliance initiatives are focused on, but not limited to ISO 27001, ISO 27017, ISO 27018, AICPA SOC1 and SOC2, PCI, CSA, HIPAA, and FISMA/NIST/FedRAMP. The Security Engineer must be a champion in driving and measuring internal and 3rd party compliance, as well as validating processes and actions are aligned with existing policy.  

Essential Duties and Responsibilities

• Assess environments and create Risk Mitigation plans as needed
• Assess third-party vendors for policy and contract compliance as needed
• Continue to improve third-party vendor assessment capabilities and automation integrations
• Track third-party vendor risk mitigations
• Continue to mature and build out the Business Continuity and Disaster Recovery program
• Contribute by enhancing and maturing cloud compliance frameworks as needed
• Facilitate customer requests and information gathering for audit activities (customer external security audits)
• Work with other IT and Security Engineers to create, review, and/or update existing security policies
• Data Analytics experience working with spreadsheets and large amounts of data
• Ability to drive integration of remediation efforts with the existing risk management process
• Assist with successful completion of enterprise security certifications and industry/regulatory compliance activities
• Successfully project manage and drive remediation activities across various teams within the organization
• Ability to interact with external prospects as well as customer compliance teams
• Assist with activities to measure and monitor compliance with company policies and procedures
• Ability to review security contracts exhibits and provide expert advice to the Legal and Sales teams
• Approximately 15% of domestic and international travel will be expected of the position

Required Qualifications

• 5+ years working in the field of Information Security
• Bachelor’s degree in Information Security or work equivalent
• CISSP certification is required.  CCSP, CRISC, CBCP are a definite plus
• Experience in assessing Cloud Security platforms such as AWS, Azure, and Google Cloud Solutions
• Experience in Business Continuity Management and Disaster Recovery
• Experience with 3rd party Vendor Risk Assessments
• Direct and recent working experience with the following compliance programs: ISO 27001, ISO 27017, ISO 27018, SSAE18 SOC1 Type 2/SOC2 Type 2, CSA, HIPAA, and FISMA/NIST/FedRAMP
• Experience in network security architecture
• Excellent report writing skills; ability to prepare compliance reports and associated metrics
• Must be able to effectively communicate technical details and thoughts in non-technical/general terminology
• Strong detail-oriented organizational, multi-tasking, and time management skills
• Strong interpersonal skills to effectively interact with customers, team members, other departments, and senior management
• Team player, a self-starter who takes initiative
• Has mastered the Security Core concepts such as:  Security and Risk Management, Security Assessments, 3rd party vendor assessments, Security Architecture and Engineering, Network Security, Cloud Security and Business Continuity Management

Desired Qualifications

• Prior experience working in the Security and Compliance group of a SaaS/Cloud company or a Security Risk and Compliance practice of a top accounting firm
• Other Relevant professional certifications such as CISA, GIAC, and PMP