Security & Compliance Analyst

**Role**: Security Compliance Analyst

**Department**: Risk and Compliance

**Introduction**:
Our goal at Pivotree is to help accelerate the future of frictionless commerce. We will help lead this change over the next decade because we believe a future where technology is embedded intimately into all aspects of our everyday lives can benefit everyone and will shape the interactions with the brands we love. We will help shape the future of frictionless commerce by working together with some of the best brands in the world and some of the best people in the industry to leverage converging technologies that will make it possible to accelerate frictionless commerce faster than ever.
This is a journey of technology acceleration combined with consumer readiness and adoption. We are looking for people capable of adapting relentlessly to the rapidly evolving world around us.

**Position Summary**:
As Security Compliance Analyst, you would be a member of an agile team that is focused on how to maintain and iterate cybersecurity policies and standards, evaluate control effectiveness, and comply with emerging laws and regulations at the scale and speed necessary to protect Pivotree’s people, data, and reputation by ensuring information security best practices are implemented and followed. You will have the opportunity to influence the controls designed to manage, develop, deploy, and support security requirements globally, as well as evaluate the effectiveness over those controls.

**Roles & Responsibilities**:

- Map security controls as per policy/process of different frameworks
- Facilitates third party external audits, such as, PCI, SOC1/2/3, ISO 27001 etc.
- Maintains central repository of Pivotree ISMS documentation, communicating and training staff on industry standards.
- Coordinate with different team members for evidence collection related to corporate compliances.
- Respond to security questionnaires from clients and business partners.
- Proactively identifies and resolves issues in controls and determines new controls to be put in place to address gaps.
- Manage and administer LMS environment, Oversee cybersecurity awareness and other associated training to maintain compliance.
- Monitors changes in regulations to ensure security controls remain in compliance.
- Support the enforcement of Corporate Security policies, procedures, and standards.
- Assists different BUs in risk identification, mitigation strategies, control documentation, evaluation of control design, evaluation of control operation, reporting of control deficiencies, and remediation strategies.
- Risk assessments and vendor security assessments
- Create cyber security reports and dashboards to highlight the effectiveness of the cybersecurity program.
- Effectively communicates technical and non-technical content to diverse audiences.
- Researches and evaluates security compliance risk in order to factor that information into the development of security standards, procedures, and controls to manage that risk, with a mindset of continuous process improvement.
- Assist with maintaining Risk Register

**Key Skills & Competencies**:

- A degree in Computer Science, Information Security, Cyber Security, Risk Management, or Information Technology or equivalent experience and accredited compliance management certification preferred
- Prior experience with GRC, LMS, VMS(what is this)? tools and platforms is required.
- Must be certified in a security discipline example CISA, CISM, CISSP etc.
- Understanding and experience of handling audits of cybersecurity risk and governance standards, with NIST, ISO27001, SOC1/2 and PCI/DSS experience is mandatory
- Good analytical abilities to prepare reports and assessments.
- Experience in identifying and performing data classification with the intent to ensure appropriate control and authorization are present.
- Quantitative Risk Management: Experience implementing quantitative risk methodologies and integrating them into business activities
- Must have adequate experience in completing 3rd party risk assessments.
- Respond to customer’s security questionnaires.
- Strong work ethic with attention to detail.
- Must be an initiator / self-starter and have the ability to work with mínimal supervision, be able to prioritize tasks, and manage their time to meet deadlines.

Pivotree is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive and accessible workplace.