Security Compliance Analyst

**Position Overview**: As a Security Compliance Analyst, your role is crucial in ensuring that Fortinet's information systems and processes comply with relevant security standards, regulations, and policies. You will be responsible for evaluating, developing, and maintaining the organization's security compliance framework, conducting audits and assessments, and recommending corrective actions to mitigate risks. Your expertise in security compliance will help safeguard Fortinet's sensitive data and maintain a robust security posture.

**Duties and Responsibilities**:

- Compliance Assessment:

- Perform regular assessments and audits of the organization's security controls, policies, and procedures.
- Identify potential vulnerabilities, risks, and compliance gaps through comprehensive reviews and analysis.
- Evaluate compliance with relevant regulatory frameworks, such as SOC2, ISO27001, GDPR, HIPAA, PCI DSS, and others.
- Collaborate with stakeholders to understand business requirements and ensure compliance measures align with industry standards.
- Compliance Framework Development:

- Develop and maintain an effective security compliance framework that aligns with organizational goals and objectives.
- Create and update policies, standards, and guidelines to address emerging security threats and regulatory changes.
- Design and implement security controls, procedures, and technical safeguards to ensure compliance across the organization.
- Risk Assessment and Management:

- Conduct risk assessments to identify potential security vulnerabilities and recommend appropriate risk mitigation strategies.
- Collaborate with cross-functional teams to implement risk management frameworks and ensure compliance with risk management policies.
- Provide guidance and support to stakeholders in understanding and addressing security-related risks.
- Monitor and report on the effectiveness of risk mitigation strategies.
- Documentation and Reporting:

- Prepare comprehensive reports and documentation related to security compliance assessments, audits, and findings.
- Maintain accurate records of compliance activities, audit results, and corrective actions taken.
- Provide regular reports to management, stakeholders, and regulatory bodies as required.

**Qualifications and Experience**:

- Bachelor degree in Information Security/Systems, Computer/Electronic Engineering, Communications Engineering or related field, and eight (8) years of experience in information security, audit, compliance, risk management or related occupation
- Proven experience in security compliance, risk management, or a similar role
- In-depth knowledge of security standards, frameworks, and regulations (e.g., SOC2, ISO27001, GDPR, HIPAA, PCI DSS).
- Experience in design and implementation of information security policies and controls
- Experience with core security technologies such as security information and event monitoring systems (SIEM), firewalls, network and host intrusion prevention and detection systems, proxies, vulnerability scanners, and anti-virus solutions
- Experience with cloud security management
- Demonstrated ability to understand and interpret audit, as well as security requirements
- Superior interpersonal and communication skills
- One or more of the following certifications preferred: ISO 27001 LA, CISSP, CCSP, CISA, and PMP

Fortinet strives to provide you and your family with a comprehensive benefits package. Benefits eligibility starts on your first day of hire and comprises of 100% company paid medical, dental, and vision coverage, including a Health Spending Account and a Personal Spending Account that gives you flexibility to spend where you need it the most. Our Employee & Family Assistance Plan (EFAP) offers you and your family access to various services like counseling, legal advice, mental health resources etc. We also provide critical illness, disability, and life insurance, as well as a Group Registered Retirement Savings Plan (RRSP) with a company match to help you save faster for retirement. We offer competitive Paid Time Off and flexible leave policies, including paid health days, to help you take care of yourself and your family members.

All roles are eligible to participate in the Fortinet equity program. Bonus eligibility is reviewed at time of hire and annually at the Company’s discretion.