Published 1 Jul 2024, 3:00 pm

FedRAMP Information Security Risk Analyst Hybrid Columbia MD at Tenable, Inc.

Sorry, this job posting has expired!

Your Role:

Join our InfoSec team at Tenable as a hands-on (Mid) Risk and Compliance Analyst. Drive compliance and assurance efforts for our products and cloud services while assisting with external risk assessments, security assessments, and audits. Make a real impact on our organization's security and customer trust and come join us at Tenable!

Your Opportunity:

  • Serve as a company representative with prospects, customers, and partners for security questionnaires, assessments, and audits

  • Collaborate with Sales, Engineering, Information Security, IT, and Product Development teams to communicate compliance obligations and requirements

  • Complete Third-Party Risk Assessments (TPRM Program) for new and potential vendors and educate stakeholders on their responsibilities

  • Coordinate and participate in internal and external audit walkthroughs (ISO27k, SOC2, FedRAMP, Customer Audits, IRAP)

  • Help guide and perform remediation of issues identified during third-party assurance or internal reviews

  • Support special projects as needed, which may include: Assisting in the development and execution of the internal compliance program, involving preparation for audits, certifications, and risk assessments.

  • Assisting in the development, administration, and continuous monitoring of internal security controls.

What You'll Need:

  • US Citizenship

  • 2+ years of experience in information security and vendor risk assessments based on industry standards.

  • 2+ years of experience in responding to security assessments, SAQs, compliance requirements, etc.

  • 2+ years of experience with implementation, monitoring, and reporting of control processes, documentation, and remediation items

  • Experience working with the Federal Risk and Authorization Management Program (FedRAMP)

  • At least one relevant security certification (SSCP, Sec+, CISA, etc.)

  • BS, BA in Information Technology, Computer Science, Information Security, or other related field

  • Be self-driven with the ability to work independently and comprehend all requirements

  • Strong communication skills and ability to collaborate effectively with all levels

  • Ability to adopt and utilize technology, with advanced proficiency in Excel, PowerPoint, and Visio/Lucid.

And Ideally:

  • Knowledge of governance, risk and compliance frameworks (GRC)

  • Experience performing or undergoing internal and external audits

  • Analytical mindset with a rational, pragmatic, and realistic approach to security, risk, and compliance

  • Experience in a Big 4 or similar security consulting or risk assurance role

  • Experience as a FedRAMP assessor (3PAO) or advisor.

  • Experience with conducting audits, privacy, BC & DR Program Management


The company offering the position is responsible for the content of this page / job posting.

Source: Remote Ok
