Sr. Compliance Analyst

Remote
Sorry, this job was removed at 11:29 a.m. (MST) on Thursday, September 16, 2021

The Sr. Compliance Analyst is part of the Granicus Security team, helping to ensure cohesive awareness of risk and our risk reduction capabilities and to collaborate easily with other departments that support our Security and Privacy Programs. The role is primarily responsible for managing the planning, execution, monitoring, and reporting of projects of varying complexity in support of security and privacy compliance and related operational areas. Work includes assessing and tracking compliance with policies and procedures, monitoring, recommending corrective action, preparing findings, and assisting with remediation plans. Services should be performed in accordance with professional and department standards. Responsibilities include assessing the current adequacy of security/privacy strategy and controls, calculating the impact of potential adverse events, and facilitating risk mitigation planning and review sessions. This role assists with internal and third-party risk assessments.

What You'll Do:

· Project manages security and privacy-related risk management framework projects using project and service management best practices for key compliance programs

· Prepares for, participates in, and supports security certification and compliance audit efforts including CCPA, GDPR, FedRAMP, ISO 27001, and others as assigned

· Supports internal and external audits by gathering or coordinating the collection of necessary evidence

· Contributes to process improvements and workflow development for the identification, measurement, management, tracking, and reporting of information risks and findings

· Manages and maintains SLAs on audit and continuous monitoring findings.

· Creates data flow mapping spreadsheets, conducts privacy impact assessments, reviews/updates privacy policies, and reviews vendor data processing agreements to support the various privacy compliance projects

· Collaborates with corporate counsels and HR departments to monitor enforcement of standards and regulations

· Reviews the work of colleagues when necessary to identify compliance issues and provide advice or training

· Oversees continuous monitoring programs, ensuring all monthly, quarterly and annual continuous monitoring tasks are completed on time

· Reviews and processes monthly vulnerability scan results and works with the technical teams to ensure vulnerabilities are resolved on time

· Maintains and publishes security policies and plan documentation including but not limited to the System Security Plan, Incident Response Plan, and Contingency Plan

· Participates in the publication of periodic program status covering overall security/privacy priority initiatives, associated milestones, deliverables, and success criteria

· Prepares reports on key metrics for senior management and external regulatory bodies as appropriate

Who You Are:

· You have 3+ years working with information security governance, compliance, or auditing with at least 2 years' experience directly using a NIST-based SP-800-37 security management framework

· You have 2+ years managing multiple projects

· You are familiar with and have direct experience with information security principles, standards, tools and methodologies

· You have strong problem solving and analytical abilities with the ability to prioritize large amounts of data

· You can effectively handle ambiguous, dynamic tasks and can switch gears in response to events and circumstances

· You can write clear, concise, comprehensive presentations. You understand how to communicate clearly to small groups

· You have cross-group collaboration, project management, interpersonal awareness and virtual team leadership capabilities

· You are results oriented with the ability to self-manage and work independently 

· You are adept with Microsoft Word, Excel, and PowerPoint

 

Desired Characteristics:

· Understands and prioritizes work according to time and resource constraints

· Understands consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.)

· Comfortable with presenting work to small audiences (10-20 people) and facilitating discussion to support a partner decision

· Has strong presentation, verbal and written communication skills.

· Able to operate effectively independently and in teams, making progress on tasks while dealing with potential process and project ambiguity

· Has a strong desire to work in the Information Security and/or privacy field

· Understands risk management concepts

· Maintains excellent organizational, planning, and time management skills

· Must be flexible and be able to function in a fast paced and dynamic environment

· Ability to work within and coordinate with other agile-based teams

· Has a strong understanding of ITIL service manager and/or PMI project management, with a certification in either strongly desired

· Experience with JIRA and Confluence is strongly desired

· Experience with NIST 800-53 based controls is strongly desired with FedRAMP a plus

· Knowledge and/or experience with privacy compliance frameworks such as GDPR and/or CCPA is desired

*starting rate may vary by experience and/or location


Location

1999 Broadway is located between Denver’s Downtown and Uptown neighborhoods. Granicus occupies the 36th and 37th floors of the building.
