We are looking for a security compliance analyst to join our Business Technology (BT) Governance, Risk and Compliance (GRC) team and help us to achieve our risk and compliance measures. In this role, you will report to the Director, BT GRC and be responsible for designing and implementing controls, performing risk assessments and documentation across all domains and other control compliance requirements, as needed. You will be the subject matter expert on best practices for BT controls. You will work closely with Information Security, Legal, HR and other departments to ensure the appropriate IT controls are in place ensuring compliance with Information Security Policy, Standards and Controls, Industry Frameworks and Privacy regulations.
- Create and present risk posture discovery and recommendation reports to Risk leadership.
- Monitor plans of action and milestones for risk remediation requirements.
- Remain educated on regulatory requirements, internal policies and industry best practices.
- Liaise with technical and business teams related to compliance requirements.
- Manage comprehensive documentation demonstrating continuous regulatory compliance effectiveness.
- Conduct assessments and gap analyses of compliance activities to support effectiveness indicators provided by government agencies.
- Create and collect information and evidence for external audits and client inquiries.
- Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls.
- Collect, review, and analyze data from information systems.
- Manage BT internal controls and process risk assessments, including planning, walkthroughs, and testing.
- Identify and communicate gaps in BT controls and track remediation to closure.
- Perform risk assessments, monitor control deficiencies, and support management in the development of remediation plans to address deficiencies in a timely manner.
- Research, recommend, and implement best practices in compliance for continuous improvement of the program.
- Coordinate with system owners to perform quarterly access reviews and change reviews.
- Technical bachelor's degree.
- 5+ years' experience in GRC roles.
- 3+ years' program management or leadership experience.
- Extensive knowledge of internal control and compliance frameworks.
- Experience with security certifications (SOC 2, ISO).
- Familiarity with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examination Council, Sarbanes-Oxley Act, and NIST.
- Attention to detail and good communication, presentation, and interpersonal skills.
- Comfortable leading projects and advising at the executive level.
(Colorado, New York and Washington only*) Minimum OTE of $103,000/year + bonus + equity + benefits.
Okta is an Equal Opportunity Employer.
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs. Find your place at Okta https://www.okta.com/company/careers/.
By submitting an application, you agree to the retention of your personal data for consideration for a future position at Okta. More details about Okta’s privacy practices can be found at: https://www.okta.com/privacy-policy.