Senior Security Compliance Analyst

Join Vonage and help us innovate cloud communications for businesses worldwide!

We are looking for a Senior Security Compliance Analyst to enhance our security team. This role will monitor, manage, and close existing compliance issues while analyzing internal systems for compliance with security standards. Toward this end, they will work with IT support staff who perform vulnerability assessments and develop mitigation strategies to ensure compliance with current procedures and policies across the organization. 

Typical Duties and Responsibilities

• Analyze technical controls to ensure that security and compliance requirements are met
• Verify documented processes, procedures, and standards to validate maintenance of secure configurations
• Track enterprise compliance across multiple security frameworks and maintain records of requirements and mitigating controls
• Oversee the development, documentation and maintenance of the control framework
• Evaluate organization information systems, management procedures, and security controls
• Develop performance metrics to track compliance
• Perform internal risk assessments
• Develop security and privacy awareness training
• Manage IT and Information Security projects to ensure that risk issues and security policy are addressed throughout the project life cycle
• Serve as a liaison between external auditors and internal support teams
• Manage security compliance certification assessments and audits (PCI, SOC 2, HIPAA, HITRUST, ISO 27001) 

Ability to:

• Effectively communicate technical issues to diverse audiences, both in writing and verbally;
• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;
• Evaluate and update and/or revise program materials;
• Learn quickly and apply knowledge to new situations;
• Handle sensitive and confidential matters, situations, and data;
• Understand and follow broad and complex instructions;
• Interact positively with staff, the Board, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service;
• Comprehend technical language and to confer, analyze and write in an objective, lucid manner;
• Work independently and prioritize multiple tasks and adapt to needed changes;
• Remain calm under high pressure/difficult situations.

Education

• Bachelor’s degree in computer science, business, or a related field

Required Skills and Experience

• 5+ years of experience conducting security control assessments or audits
• 2+ years of experience developing or managing a security awareness program
• Knowledge of information security standards and information privacy laws
• Knowledge of core security controls and systems such as risk analysis quantification and points of escalation
• Knowledge of IT security regulations and standards, such as ISO and Sarbanes-Oxley
• Knowledge of cloud technologies and IaaS, PaaS, and SaaS platforms
• Demonstrated ability to implement new policies and programs
• Strong written and verbal communication skills
• Strong analytical and critical thinking skills

Preferred Qualifications

• Professional certification, such as CISA, CISM, CRISC, CISSP, or ISAAP

There’s no perfect candidate. You don't need all the preferred qualifications to make a valuable impact on our team. Our employees and customers come from diverse backgrounds, so if you're passionate about what you could achieve at Vonage, we'd love to hear from you.

To learn how we process your personal data during the recruitment process, please refer to our Privacy Notice. 

Who we are:

Vonage is a global cloud communications leader. And your talent will further help brands - such as Airbnb, Viber, WhatsApp, and Snapchat - accelerate their digital transformation through our fully programmable-based unified communications, contact center solutions, and communications APIs. Ready to innovate? Then join us today.

Note: The purpose of this profile is to provide a general summary of essential responsibilities for the position and is not meant as an exhaustive list. Assignments may differ for individuals within the same role based on business conditions, departmental need or geographic location.