Data Security & Risk Analyst

Job Description

Our mission is to redefine the home experience with tech and services to create a smarter, greener, safer home that saves our customers money every month.

Summary:

The position will work with internal and external parties to ensure that Vivint's minimum security requirements and controls are implemented for any partner or third-party doing business with, sharing or integrating Vivint data, systems, or infrastructure. This role will be responsible for analyzing the risk from resultant security, compliance, and privacy assessments. They will work across the organization to report on the risk posture. The goal of the role is to ensure security, compliance and privacy design, controls and procedures met for any third-party doing business with Vivint and that the risks are identified and exposure remediated to an acceptable risk level.

Primary Responsibilities:

• Performing risk and security posture assessments of third-party vendors, existing and new, to identify and evaluate the security risk of the organization.
• Reducing exposure and risks by maintaining contact with vendors responsible for access, storing, processing, hosting, or integrating with company data regarding current threats.
• Monitor the third-party security posture and breaches.
• Analyze information security systems, provide recommendations, and develop security measures to protect information against unauthorized modification or loss.
• Evaluating and advising on the security disposition of Commercial off the shelf (COTS) products, as well as other 3rd party provided libraries and extensions.
• Maintain security documentation, and auditing for compliance.
• Conduct the review of operational and IT processes, provide management with an assessment of risks, internal controls design and the overall effectiveness and efficiency of the processes.
• Conduct testing of IT related controls and identify areas of control exceptions.
• Apply knowledge of IT trends and IT systems processes to identify engagement issues and risk management issues.
• Identify, document and provide recommendations on risks and mitigating plans across the company.
• Assist with data flow diagrams and documentation.
• Produce and enhance different key risk metrics and risk reporting for all audiences impacted.

Required Skills:

• Understands, identifies, evaluates, and documents key risks and controls.
• Project management
• Ability to analyze and articulate implications of compliance requirements
• Assist in the overall implementation of the Company's Compliance Management System and in the development of an overall compliance testing plan
• Strong writing skills with experience in documenting assessment procedures and results
• Demonstrate an ability to adapt to any changes in the regulatory environment
• Stay abreast of federal and state regulatory changes. Report such changes to management and assist in determining appropriate responses, including the development of new testing plans
• Skilled at communicating technical information to both technical and non-technical audiences and stakeholders at every level of the organization
• Ability to build and maintain relationships across diverse technical and non-technical teams
• Excellent communication skills (verbal and written) and the ability to effectively communicate designs, proposals, and results; and negotiate options at management levels
• Demonstrated teamwork and collaboration skills across teams at a companywide level

Required Education/Experience:

• 3+ years of experience delivering IT audit projects, including risk assessments, system reviews and IT controls testing
• Bachelor's Degree or relevant work experience
• Data Analytics enthusiasm or experience
• Strong understanding of SOX 404, PCAOB Auditing Standards, COSO, US GAAP, and Internal Audit Standards, including auditing processes and methodologies and risk and controls standards and business process best practices
• Sound knowledge and experience of IT controls across all domains such as access, change management, and computer operations
• Hands-on practice executing qualitative and quantitative risk analysis on complex environments.
• Experience in heavy technological environments and matrixed organizations.
• Knowledge of secure coding concepts and common vulnerabilities
• Proven track record of collaborating with cross-functional groups to set objectives and produce results.
• Experience managing, organizing, and coordinating projects and process-improvements in a program.

Learn about the Vivint Culture and why it's a great place to grow your career!

Here are some highlighted perks you should ask us about:

• Free daily lunch and drinks on site
• Paid holidays and flexible paid time away
• Employee/Friends/Family Discounts
• Onsite health clinic, gym, gaming tables
• Medical/dental/vision/life coverage & 24/7 Medical Hotline
• 401(k) + Employer Match
• Employee Resource Groups

WORKING CONDITIONS:
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

SAFETY:
Vivint enforces a safety culture whereby all employees have the responsibility for continuously developing and maintaining a safe working environment. Each new employee is responsible for completing all training requirements. Additionally, the employee must accept they have responsibility for maintaining the safety of themselves, their co-workers, and the public. Employee must adhere to all written and verbal instructions, promptly report and correct all hazards or unsafe conditions, question non-standard operations or unmitigated hazards, and provide feedback to management on all safety issues.

If you are an active Vivint employee, please apply through Workday by searching "Find Jobs".