Senior Security Compliance Analyst
The Cisco Security Business Group (SBG) focuses on empowering the world to reach its full potential, securely through the Cisco Secure products. Within the SBG Security team, we support this mission by building thoughtful partnerships with our internal stakeholders to drive security strategy alignment across the SBG portfolio to deliver simple, effective security solutions for our internal customers that meet both market and industry expectations.
Our team's mission is to become our internal customers' most trusted partners by building best-in-class security programs that shape the market with our research, make it easy for our customer teams within Cisco to develop secure software, protect our most valuable information and customer assets, and enable SBG employees to work securely as they deliver Cisco Secure products including Duo, Umbrella, SecureX, Talos, Amp for Endpoints, StealthWatch, Tetration, and beyond.
We are looking for a Senior Security Compliance Analyst to work as a team member on the execution of our security compliance certification programs to assess internal compliance against established standards along with working with teams to drive the compliance program. This role will be focused on evaluating security controls, acting as a subject matter expert, and supporting audits for various certification programs.
What You Will Do:
- Facilitates the execution of internal and external audits for SBG products in accordance with various commercial and international compliance frameworks.
- Leads audit walkthroughs and drives the process of audit evidence collection and review.
- Evaluate security controls and act as a compliance subject matter expert.
- Manage compliance controls lifecycle including design, testing, ongoing monitoring, mapping to risks, policies and procedures.
- Maintain monitoring of security controls and operating procedures in cooperation with internal teams.
- Engage with engineering team members and other control owners in research and analysis of audit requirements in support of new initiatives, continuous improvements, and remediation efforts.
- Contribute to on-going efforts to standardize and improve audit readiness.
- Lead development and tracking of audit readiness and remediation project plans; assist in tracking successful completion of work, and ensure alignment with product roadmap.
Skills You Have:
- Demonstrated experience working in commercial and international security compliance audit programs, including SOC2, PCI, ISO 27001, 27017, 27018, C5, ENS, IRAP, ISMAP, etc.
- Familiarity with Agile development and delivery processes, and how to blend compliance controls with ongoing work processes.
- The ability to manage complex projects, including identifying dependencies and evaluating impact.
- Experience in building productive relationships and drive collaboration with both technical and non-technical teams.
- Demonstrated ability to function as a strong business to technology, helping to bridge the business view and requirements to technologists building solutions.
- Experience formulating audit testing plans, steps, and procedures.
- Experience with GRC tooling, data analysis, and compliance automation..
- Ability to operate effectively in a remote environment
- Self-starting, self-motivated, self-directed, and self-sufficient.
#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.
We embrace digital, and help our customers implement change in their digital businesses. Some may think we're "old" (36 years strong) and only about hardware, but we're also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do - you can't put us in a box!
But "Digital Transformation" is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)
Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA.) We take accountability, bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward.
So, you have colorful hair? Don't care. Tattoos? Show off your ink. Like polka dots? That's cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!
U.S. Vaccination Requirements
Cisco requires all U.S. employees to be fully vaccinated or have an approved religious or medical accommodation. Candidates accepting an offer must provide proof of vaccination status on their first day. If someone anticipates requesting an accommodation for this requirement, they must receive approval before the start date. Candidates receiving an offer will receive additional information about the accommodation process at the time of the offer. All offers of employment are contingent upon complying with Cisco's vaccination policy.