Sr. Analyst, Security Risk and Compliance at Alteryx
We’re looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual. Like us, you’re a high performer who’s an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.
Alteryx is looking for a dynamic and results-driven individual to work within the Information Security Governance, Risk and Compliance (GRC) function. This role requires someone with hands-on experience operationalizing security policy, maturing risk management processes, and establishing security-related compliance with appropriate security standards and regulations that include ISO, NIST, FedRAMP, CSA, and other industry-standard frameworks. You shall work collaboratively with various stakeholders to ensure success with all GRC-related programs. The use of risk-based methodologies and decision-making to arrive at creative and pragmatic solutions, without relying on checklists, is an important part of the role. Ensures the performance of all duties in accordance with the company’s policies and procedures and all global laws and regulations wherein the company operates.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Establish, implement, and monitor the security certifications program and ensure that it continues to scale appropriately with the business.
Be a Security and Compliance Champion that promotes and evangelizes awareness of different security and compliance risks and best practices across the company.
Perform risk assessments, including third-party vendor assessments, and manage associated security risk remediation activities.
Conduct control and risk assessments of technical operating environments and third parties. Identify, document, and manage gaps related to security and compliance, and perform other tasks to help ensure that Alteryx’s underlying data and information security processes, infrastructure and measures are fit for purpose and scaled to deliver an appropriate level of protection.
Review regulatory requirements, external policies or standards related to Information Security, and conduct gap analysis against internal security policies and requirements. Ensure compliance with regulatory compliance and certification programs (e.g., ISO 27001, CSA Star, NIST CSF, FIPS, FedRAMP).
Support the business continuity management (BCM) program, including performing a business impact analysis (BIA), developing and testing business continuity plans (BCP), coordinating with IT on disaster recovery planning and updating crisis management plans (CMP)
Collaborate with cross-functional teams to ensure security related controls are documented and managed
Coordinate third-party audits on security, controls, and security compliance. Conduct third-party risk assessments and collaborate with external and internal stakeholders to identify critical risks to the organization. Work with third parties to an agreed risk treatment plan and participate in contract review.
Serve as a subject matter expert on internal controls and security, and collaborate with Product Strategy and Development on product enhancements, features and security capabilities
Align standards, frameworks and security with overall business and technology strategy
Identify and communicate current and emerging security threats
Provide consultative support for users in implementation or conversion of security risks
Initiate new security projects and identify ways to improve internal security processes and operations while mitigating security related risk
Ensure compliance with the established key metrics that measure data security standards and the ISO standards/certification, and provide evidence of compliance for internal and external audits.
Respond to customer security/compliance questionnaires.
Stay current on market developments to identify emerging security technologies, risks, and trends.
Performs other duties and projects as assigned.
STANDARD DUTIES AND RESPONSIBILITIES:
Exceptional communication skills with diverse audiences
Strong critical thinking and analytical skills
Strong leadership, project, and team-building skills, including the ability to lead teams and drive projects and initiatives within multiple departments
Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
Treats people with respect; keeps commitments; inspires the trust of others; works ethically and with integrity; upholds organizational values; accepts responsibility for own actions.
Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.
Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.
ESSENTIAL KNOWLEDGE, SKILLS, AND ABILITIES:
A comprehension of security standards and frameworks, rules and regulations, and system trust principles, such as ISO, NIST, OWASP, SANS Top 20, PCI-DSS, SOX-404, CSA Star, ITIL, and SOC2.
The ability to discern patterns from large amounts of disparate information while remaining adaptable in rapidly changing situations and environments.
Intermediate skills in computer terminal and personal computer operation; Microsoft Office applications including but not limited to: Word, Excel, PowerPoint, and Outlook.
Effective organizational and time management skills. Exceptional verbal, written and interpersonal communication skills. Ability to organize and prioritize work schedules on a short-term and long-term basis.
Capability to provide consultation and expert advice to management. Ability to make decisions that have moderate impact on the immediate work unit and cross functional departments.
Ability to make informal and formal presentations, inside and outside the organization; speaking before assigned team or other groups as needed.
Ability to deal with complex challenges involving multiple facets and variables in non-standardized situations. Capability to work with little to no supervision while performing duties.
EDUCATION, EXPERIENCE AND/OR LICENSES:
Bachelor’s Degree in Information Technology, Mathematics, Business, or Engineering with a minimum of three (3) years’ progressive information security GRC experience is preferred
Base understanding of Security Methodologies required.
Possible certification requirements include: Certified Information Systems Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC)
Alteryx is committed to fair and equitable compensation practices. The salary range for this role in Broomfield, CO is $88,400 to $150,300. This position is also remote-friendly and, as such, compensation will ultimately be in line with the location in which the position is filled. Final compensation for this role will be determined by various factors such as a candidate’s relevant work experience, skills, certifications, and geographic location. This role is eligible for variable compensation including bonus and stock grants.
Find yourself checking a lot of these boxes but doubting whether you should apply? At Alteryx, we support a growth mindset for our associates through all stages of their careers. If you meet some of the requirements and you share our values, we encourage you to apply. As part of our ongoing commitment to a diverse, equitable, and inclusive workplace, we’re invested in building teams with a wide variety of backgrounds, identities, and experiences.
Benefits & Perks:
Alteryx has amazing benefits for all Associates which can be viewed here.