
Senior Compliance Analyst
COMPANY OVERVIEW
Domo's AI and Data Products Platform lets people channel AI and data into innovative uses that deliver a measurable impact. Anyone can use Domo to prepare, analyze, visualize, automate, and build data products that are amplified by AI.
POSITION SUMMARY
The Senior Compliance Analyst is a key member of Domo’s Compliance team responsible for evaluating and supporting compliance initiatives covering information security, policy, risk management, data classification, vendor management, privacy, audit, and awareness. This position assists other members of the Compliance team with designing, developing and implementing information security policies and documentation, assessing compliance with existing policies, and overall compliance with security-related requirements from customers.
Also, this position assists with performing security assessments and monitoring and tracking compliance status; developing and improving processes, procedures, standards, and guidance; providing guidance on security control implementation; and defining and implementing process improvement and maturity initiatives.
The position will also be responsible for assisting in developing policies and procedures and evaluating risks and controls to support the company’s Federal Information Security Management Act (FISMA) Security Accreditation (FedRAMP), ISO 27001, ISO 27018, SSAE 18, HITRUST, and other regulatory and compliance initiatives. Success in this role requires a good understanding of information security best practices, strong security knowledge, the ability to understand and communicate risk and controls, and good organization, planning, communication and writing skills.
KEY RESPONSIBILITIES
- Work with internal stakeholder engineering teams to document the implementation of security compliance controls for technical, management, and operational requirements
- Collect and document technical architecture, operational processes and security policies from multiple internal engineering teams
- Assist with gap analysis of current policies, procedures and practices as they relate to established guidelines outlined by NIST, FISMA, HIPAA, and other regulatory standards
- Perform risk assessments of technology infrastructure and operational processes and controls for assigned areas
- Build and maintain the controls matrix, in alignment with multiple compliance frameworks, including SOC 1 & SOC 2, ISO 27001, ISO 27018, HITRUST, and HIPAA
- Assist in establishing rules for risk analyses and security assessments which includes addressing controls defined by NIST SP 800-53 for both business operations and technical implementations throughout the company
- Assist in and develop information security training and awareness programs
- Perform vendor security assessments and interface with vendors on occasion
JOB REQUIREMENTS
- Bachelor's degree in Computer Science, Information Technology or related field
- Minimum of 3 years’ experience in compliance, audit, and/or information security
- CISSP, CISA, CCSA or equivalent certification required
- Familiarity with enterprise-level compliance tools such as ServiceNow, Archer or other industry equivalent software
- Knowledge and experience in NIST SP 800-53 Rev 4, ISO 27001, ISO 27018, SSAE 18, HIPAA and HITRUST
- Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure or other large-scale cloud deployment
- Understanding of risks and controls as they pertain to information security and data privacy
- Interpersonal skills to work as a team member and as a liaison
- Excellent verbal communication, presentation, organizational and planning skills
LOCATION: American Fork, UT
BENEFITS: https://www.domo.com/company/careers/culture
Domo is an equal opportunity employer.