Information Security Analyst

As an Information Security & Compliance Analyst, you will work in a cross-functional team environment with a variety of team members including Sales, Product, Marketing and more. You will participate in all aspects of managing client and vendor risk assessments and ensuring compliance with client contractual, regulatory and legal security requirements. You will help execute sound risk management processes and technical controls to meet customer needs, satisfy external audit requirements and address internal security objectives.

• Complete comprehensive information security risk assessments on potential and existing third-party service provider relationships
• Act as a liaison between business owners and third-party service providers to complete risk assessment activities and to establish and track acceptable risk mitigation actions
• Keep abreast of industry and third-party risk security management practices and advancements and incorporate that knowledge into daily work activities
• Implement and maintain policies, processes and controls to raise the overall security and compliance posture of Information Security Program, including reporting on, planning and tracking remediations/mitigation plans
• Coordinate, monitor or otherwise perform periodic vendor performance reviews for adherence to contractual SLAs
• As directed, drive risk analysis and operate controls and help implement industry best practices for teams across the organization
• Provide support and guidance on collateral such as external security audit reports and frequently asked questions to the internal teams
• Hold meetings with customers to answer questions about our security program and controls
• Track and report on trends in repeated customer asks and points of friction, and work with internal teams to help prioritize and define customer related requirements
• Proactively suggest improvements to the customer trust program
• Assist with other GRC activities as needed
• Provide approved responses to client inquiries and maintain library of records, documentation, and responses
• Drive documentation of processes, risks and controls.
• Coordinate with stakeholders to ensure all policy exceptions/risk acceptances are managed in accordance to Altium’s Information Security policies and standards

• Bachelor's degree in business administration, computer science, information technology, or a related field of study
• Basic knowledge of SaaS and Cloud (AWS, GCP, and others) environments
• Experience with at least one industry-standard risk/control framework: ISO 27001, AICPA SOC 2, CIS Top 18, COSO, NIST, CSA, COBIT, etc.
• Knowledge and experience with information security standards, rules and regulations related to information security and data confidentiality: APPI, GDPR, CCPA, etc
• Excellent written and verbal communication skills

Preferred Technology Experience

• Familiarity of cloud based security framework such as CSA Star or HITRUST CSF desirable
• 2+ years of experience working in the technology risk and compliance field
• Cloud Security certification is a plus
• Experience working in or with a technology organization is preferred
• Good understanding of key information security concepts

The salary range for this role is $90,000 - $100,000. Actual compensation packages within this range are based on a wide array of factors unique to each candidate and role requirements, including but not limited to skill set, years and depth of experience, certifications, and specific location.