Audit and Compliance Analyst
About CrowdStrike
CrowdStrike is the leader in cloud-delivered next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. With the ability to collect and process over 100 billion events a day, CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. We are one of the World's Most 50 Innovative Companies according to MIT, and one of Forbes Most Promising Companies. Our growth and innovation are driven by incredible employees who deliver unmatched customer success.
We have received a number of exciting awards including:
- October 2018: 100 Best Medium Workplaces Second Year in a Row by Fortune magazine.
- June 2018: Closed over $200 million, led by General Atlantic, Accel and IVP, with participation from March Capital and CapitalG (Google), achieving a valuation of more than $3 billion.
- April 2018: CrowdStrike Wins SC Award for Best Security Company Second Year in a Row.
About the Role
The Compliance Analyst is charged with the identification, assessment, measurement, monitoring, and reporting of risk through CrowdStrike’s Governance, Risk and Compliance program. The Compliance Analyst’s primary function will involve supporting and further developing CrowdStrike’s vendor risk management program. Additionally, the Compliance Analyst will assist with CrowdStrike’s Federal Compliance including supporting monthly continuous monitoring reporting, facilitating the identification and remediation validation of issues and supporting audit and assessment activities. The ideal candidate will be up to the challenge of devising innovative and flexible ways to automate compliance controls that support a fast-paced, empowered environment. This role will also occasionally address other security and privacy compliance areas.
What You’ll Need
- 3+ years demonstrated experience in vendor risk management, enterprise risk management, information security, privacy, or a data protection or assurance-related function.
- Experience performing third party and vendor risk evaluations and risk assessments
- Experience conducting assessment, reporting and remediation projects supporting policy and regulatory mandates (e.g. SOX, SOC1/SOC2, CSA-CCM, ISO27001/ISO27031, GDPR, PCI-DSS and FISMA).
- Experience providing guidance to information and system owners, and functional leadership regarding internal control gaps and assisting management in defining and prioritizing timely remediation efforts, tracking remediation activities, and inspecting/validating solutions that have been implemented.
- Fundamental technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures.
Bonus Points
The successful candidate for this role will have experience in the following areas:
- Experience in IT risk management / audit with a “Big 4” Audit Firm or comparable consulting firm preferred.
- Technical and Functional experience in domain of Governance, Enterprise Risk Management and Regulatory Compliance
- Experience with risk assessments and compliance of major regulatory initiatives (e.g. HIPAA, ISO, PCI, SOX 404, FedRAMP, SOC2 Type 2)
- Some practical experience in programming languages including typical HTML, CSS, JavaScript, Python, etc.
- Project management experience in scoping, work break-down, critical path analysis, resourcing, managing time estimates, project risks, and quality.
Benefits of Working at CrowdStrike
- Market leader in compensation and equity awards
- Competitive vacation policy
- Comprehensive health benefits + 401k plan (US only)
- Paid paternity and maternity leave, including adoption
- Flexible work hours and remote-friendly environment
- Wellness programs
- Stocked fridges, coffee, soda, and snacks
- Peer recognition
- Inclusive culture focused on people, customers and innovation
- Regular team activities, including happy hours, community service events
CrowdStrike believes that diversity and inclusion among our organization is essential to our success as a global company, and we seek to attract, retain and empower the industry’s best and brightest from a diverse talent pool.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.