Cyber Security Compliance Readiness, Senior Analyst at Blackbaud
Leading uniquely at the intersection point of technology and social good, Blackbaud provides software, services, expertise, and data intelligence that empower and connect people to advance the social good movement. We serve the entire social good community, which includes nonprofits, foundations, corporations, educational institutions, and the individual change agents who support them. We work with over 40,000 organizations, helping them realize their goals, fund their missions, manage their operations, and develop long-lasting supporter relationships. Our customers are passionate about making the world a better place, and we’re inspired by the opportunity to help them.
The Cyber Security Compliance Readiness Analyst will be responsible for working with our Operational Risk and Compliance teams, as well as various Cyber Security Subject Matter Experts, to further mature the processes of preparing for compliance-related initiatives. The Compliance Readiness Analyst will be responsible for the consolidation and facilitation of audit requests across the Cyber Security team, as well as improving processes for audit collateral collection. This will include internal audits as well as customer audit collateral facilitation. This resource will primarily be working with our compliance team on our various PCI DSS audit activities, as well as SOC 2, HIPAA Risk Assessments, and other compliance/audit initiatives that Blackbaud’s Cyber Security team is required to provide evidence for.
What you will be doing:
- Work with the Cyber Security Governance team to ensure all compliance requirements are addressed in annual policy updates and in the policies, standards, and procedures documentation
- Act as primary Security Liaison for compliance-related initiatives
- Prepare audit artifacts in advance of compliance cycles for appropriate evidence gathering requirements
- Work with Security SMEs to collect and submit evidence to the compliance team/auditors in a timely fashion
- Facilitate audit-related activities throughout the Cyber Security Team
- Work with the Cyber Security team, Compliance team, and PMO to develop process efficiencies for compliance readiness
- Develop a process to review compliance requirements on a routine basis and ensure artifacts are being collected in advance of audits and assessments.
Customer Compliance Initiatives
- Act as primary resource for customer audit requests
- Facilitate audit requests with customers and provide appropriate due diligence documentation and collateral
- Respond to customer audit request lists and engage appropriate SMEs across RDO/Security/IT/etc. where appropriate for responses.
- Leverage work from internal audits to create efficiencies and reuse scored material where appropriate
- Facilitate sessions between customer auditors and internal Blackbaud SMEs as appropriate.
Sales & Customer Trust and Enablement
- Act as primary resource for escalated customers who require additional audit initiatives and activities
- Continue to work with these customers and their sales teams to build long-term relationships.
- Facilitate ongoing discussions between customer, product owners, and account team on ongoing security requests and advanced security control requirements.
What we want you to have:
- Degree in Computer Information Systems, Computer Science, Information Systems Management, or equivalent professional experience
- 4+ years of progressively responsible experience in the management of information systems with at least 2 years of formal experience in information security.
- Experience with:
  - Customer engagements/support
  - Security Technologies / Methodologies
  - IT Audit/Risk Management
  - Information Security Metrics and Reporting
  - Cyber Security Frameworks and regulations such as NIST CSF, ISO 27001, etc.
  - Compliance Frameworks and regulations such as PCI DSS, HIPAA, SOC 1 & 2
- Certification in information security disciplines such as: GIAC – GSEC, GCED, GLEG, GSLC, GISP, GCCC, GAWN, GSTRT, GISF, GSNA, and/or CISA, CISM, CRISC