Senior Security Compliance Analyst
Duo Security, now a part of Cisco, is the leading provider of Trusted Access security and multi-factor authentication delivered through the cloud.
Duo’s mission is to make security simple for everyone. We were born from a hacker ethos and a desire to make the Internet a secure place. We believe in empowering people to follow their passions inside and outside of the office and enable every employee to bring their whole self to work.
Our team is our secret weapon. We run the spectrum from artists to analysts, low-key to high energy, and bring together a diversity of skill sets, experiences, and perspectives to solve what we consider to be the world's most pressing geopolitical challenge — transforming the security industry as we know it. Together, we build solutions that are easy, effective, trustworthy, and enduring. And that’s why we are the most loved and trusted company in security.
What you’ll do…
You will recommend and help develop appropriate information security policies, standards, procedures, checklists, and guidelines using industry-recognized security concepts, frameworks, and standards tailored to meet the requirements of the organization and assist IT process owners in the creation and maintenance of these policies/procedures.
You will provide approved responses to client compliance inquiries and maintain library of responses.
You will work closely with departments, subject matter experts, vendors, & auditors/assessors to continuously identify and manage risks while ensuring readiness to satisfy internal & external audit requirements.
You will work with various departments to ensure controls-related documentation in support of information assurance and compliance activities is maintained.
You will coordinate evidence gathering within Security and all business units.
Skills you have…
Experience in information security preferred
Experience with information technology audits and/or risk assessments preferred
Familiarity with privacy laws, data protection, and information security regulations, and frameworks, such as SOC 2, NIST 800-171, 800-92, 800-63, 800-61, 800-53, 800-37, NIST Cybersecurity Framework, PCI-DSS, GDPR, and FedRAMP
Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of other teams
Familiar with and able to apply generally-accepted security methods, concepts and techniques
Excellent communication and listening and facilitation skills
Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues and obstacles
Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
Reasons why you should apply…
Think about both the intent and the impact of information security framework requirements and controls informed by risk
Care about contributing to an amazing work culture and environment
Enjoy building and evolving organizational policies and security mindset and have the drive to teach
This job may not be for you if...
If you are serious about secure software development and you are interested in making sure that these principles are reflected in Duo's product, then you should actually apply for our Application Security Engineer role as that will be the best fit!
If you want to spend your days hacking the planet, take a look at one of the researcher roles our on Duo Labs team.
If you find yourself easily distracted by security incidents and would prefer spending your time responding to and investigating indicators of compromise, you should apply for our Information Security Analyst role instead.
Duo is committed to cultivating and preserving a culture of inclusion and connectedness. We are able to grow and learn better together with a diverse team of employees. The collective sum of the individual differences, life experiences, knowledge, innovation, self-expression, and talent that our employees invest in their work represents not only part of our culture, but our reputation and Duo’s achievement as well. In recruiting for our team, we welcome the distinct contributions that everyone brings in terms of their education, opinions, culture, ethnicity, race, gender identity and expression, nationality, age, languages spoken, veteran’s status, religion, disability, sexual orientation and beliefs.
And if this role is exciting you, we encourage you to apply even if you don’t meet all 100% of the description or qualifications. Finally, and most importantly, we are a proud Equal Opportunity Employer.