The Compliance and Assurance team’s mission is to strengthen Okta’s position as the leading Identity-as-a-Service solution through a security-first approach to compliance. We are looking for someone with a strong compliance background and experience in the technical implementation of security controls from SOC2, ISO27001, and other international frameworks. The right candidate will have participated in a mature ISMS program and will play a key role in providing customers with confidence in Okta’s leadership in the identity space. As a Principal Compliance Analyst, you will support security initiatives by engaging various process owners in the design, documentation, implementation, monitoring of the appropriate controls in our computing environments, and demonstrating those controls to external auditors. In addition you will plan and lead the private sector compliance initiatives.
The ideal candidate will have hands-on experience with the technical implementation of SOC2 and ISO controls in a cloud-based environment using tools such as Salesforce, Okta, ServiceNow, JIRA and others. This position requires a unique set of skills including project management, and an eye towards future standards and regulations that will impact our customers. If you’re a self-starter who wants to make a difference in global cloud security, we want you on board.
Job Duties and Responsibilities:
- Lead ISO and SOC2 audits of the company’s computing environment, with focus on security controls
- Interpret requirements across multiple compliance frameworks
- Collaborate to build and implement a common controls framework for Okta
- Lead efforts to analyze gaps between current status and future compliance framework needs
- Perform controls testing and develop recommendations based on confirmed observations
- Work with process and control owners to help them understand the audit results, identify remediation options, and prioritize their closure
- Work with the Security Team in identifying security gaps as reported by internal and external customers
- As needed, develop appropriate security documentation, including system security plans, information security policies, and risk assessment procedures
- Assess security impact on changes to the systems and applications
- Identify opportunities for improvement within the Compliance program and build plans to address them.
Minimum REQUIRED Knowledge, Skills, and Abilities:
- Bachelor’s degree or higher in Computer Science or Management Information Systems, or equivalent experience
- In-depth knowledge in IT security frameworks and best practices, such as NIST-800 publications, FedRAMP, CoBIT, CCM, and Trust Principles and Criteria
- Working knowledge of terms and concepts used in information security, privacy, risk assessments and contingency planning
- Understanding of IT methodologies, such as software development lifecycle and operations
- Strong analytical and problem-solving skills and the ability to “think-out-of-the-box”
- Strong oral, written and presentation communication skills
- Able to work independently or with a team
Helpful Certifications / Skills:
- Certified Information System Auditor (CISA)
- GIAC Security Essentials (GSEC)
- Certified Information Systems Security Professional (CISSP)
- Certificate of Cloud Security Knowledge (CCSK)
- Familiarity with JIRA and Okta
- Technical background
Okta is rethinking the traditional work environment, providing our employees with the flexibility to be their most creative and successful versions of themselves, no matter where they are located. We enable a flexible approach to work, meaning for roles where it makes sense, you can work from the office, or from home, regardless of where you live. Okta invests in the best technologies and provides flexible benefits and collaborative work environments/experiences, empowering employees to work productively in a setting that best and uniquely suits their needs.
By submitting an application, you agree to the retention of your personal data for consideration for a future position at Okta. More details about Okta’s privacy practices can be found at: https://www.okta.com/privacy-policy.
Okta is an Equal Opportunity Employer