Description
Job Description
Blueprint RF is searching for an Security Compliance Sr Analyst who will report to the Senior Director of Operations. This individual will contribute to the compliance and governance activities related to multiple frameworks and requirements including SOC 2, ISO 27001, PCI-DSS, and more. This individual will assist with security controls implementation and maintenance and help evolve the compliance and cybersecurity program to be more effective and efficient to enable scalability. This individual must exhibit accountability for the compliance projects and tasks assigned to them while continuing to drive actions across multiple teams. The right candidate for this role has a technical background and can apply their knowledge to information security and business operations.
Responsibilities:
- Function as the compliance liaison between business, engineering, and sales
- Collaborate with cross functional teams to validate Blueprint RF is effectively implementing and maintaining relevant security controls, understand their operations, and ensure compliance with corporate standards.
- Monitor and enhance the controls necessary to achieve and maintain SOC 2, ISO 27001, and other compliance requirements. Routinely test controls as required.
- Manage multiple compliance programs including SOC 2 and the Information Security Management System based on ISO/IEC 27001:2022 requirements.
- Effectively communicate compliance status, timelines, risk, remediation efforts to leadership.
- Maintain procedures, documentation and records necessary to comply with compliance initiatives.
- Develop, revise, and maintain remediation plans in coordination with the remediation owners. Track the remediation plans to closure.
- Maintain tools and processes that enable governance of compliance.
Minimum:
- Bachelor’s degree in a related discipline and 4 years’ experience in a related field (i.e. information security controls, information technology audit, or security risk management.) The right candidate could also have a different combination, such as a master's degree and 2 years’ experience; a Ph.D. and 1 year experience in a related field; or 8 years’ experience in a related field
- Demonstrated experience with at least 2 of the following: ISO 27001, SOC 2, PCI DSS, or NIST 800-53.
- At least one relevant industry certification, for example: CISSP, CISA, CISM, CRISC.
- Ability to work independently under minimal supervision with a team-player mentality to achieve desired business results.
- Strong attention to detail, well organized, and able to manage time effectively.
Preferred:
- Understanding of security engineering principles.
- Professional services audit or consulting background a plus.
Compensation:
Compensation includes a base salary of $88,300.00 - $147,100.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate’s knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.