Security And Compliance Analyst

Role: Security and Compliance Analyst

Department: Risk and Compliance

Introduction:

Our goal at Pivotree is to help accelerate the future of frictionless commerce. We will help lead this change over the next decade because we believe a future where technology is embedded intimately into all aspects of our everyday lives can benefit everyone and will shape the interactions with the brands we love. We will help shape the future of frictionless commerce by working together with some of the best brands in the world and some of the best people in the industry to leverage converging technologies that will make it possible to accelerate frictionless commerce faster than ever.

Pivotree provides services focused on the design, implementation, management, and maintenance of complex ecommerce solutions for large enterprises. We provide the technical skills necessary to enable the effective use of technologies combined with the business context to leverage a solution to solve our clients' business challenges. We strive to fill the gaps in available technology with our own IP to reduce the barriers to adoption.

We enable inclusive, immersive and highly personalized experiences for our clients and their customers. We build our products with a view to productizing and scaling technology to lower the costs and reduce the risks of implementing and managing our integrated solutions. Each of our solutions starts with reliable and reputable e-commerce and MDM platforms, which run on enterprise grade infrastructure that are customized to meet a variety of client needs, situations, and budgets. Over the next 10 years we will add new categories and capabilities that will define frictionless commerce ecosystems.

This is a journey of technology acceleration combined with consumer readiness and adoption. We are looking for people capable of adapting relentlessly to the rapidly evolving world around us.

Position Summary:

As Security Compliance Analyst, you would be a member of an agile team that is focused on how to maintain and iterate cybersecurity policies and standards, evaluate control effectiveness, and comply with emerging laws and regulations at the scale and speed necessary to protect Pivotree’s people, data, and reputation by ensuring information security best practices are implemented and followed. You will have the opportunity to influence the controls designed to manage, develop, deploy, and support security requirements globally, as well as evaluate the effectiveness over those controls.

Roles & Responsibilities:

• Proactively identifies and resolves issues in controls and determines new controls to be put in place to address gaps.
• Manage and administer LMS environment, Oversee cybersecurity awareness and other associated training to maintain compliance.
• Assists different BUs in risk identification, mitigation strategies, control documentation, evaluation of control design, evaluation of control operation, reporting of control deficiencies, and remediation strategies.
• Coordinate with different team members for evidence collection related to corporate compliances.
• Facilitates third party external audits, such as, PCI, SOC1/2/3, ISO 27001 etc.
• Create cyber security reports and dashboards to highlight the effectiveness of the cybersecurity program.
• Maintains central repository of Pivotree ISMS documentation, communicating and training staff on industry standards.
• Respond to security questionnaires from clients and business partners.
• Researches and evaluates security compliance risk in order to factor that information into the development of security standards, procedures, and controls to manage that risk, with a mindset of continuous process improvement.
• Assist with maintaining Risk Register
• Support the enforcement of Corporate Security policies, procedures, and standards.
• Risk assessments and vendor security assessments
• Monitors changes in regulations to ensure security controls remain in compliance.
• Map security controls as per policy/process of different frameworks
• Effectively communicates technical and non-technical content to diverse audiences.

Skills & Competencies:

• A degree in Computer Science, Information Security, Cyber Security, Risk Management, or Information Technology or equivalent experience and accredited compliance management certification preferred
• Respond to customer’s security questionnaires.
• Quantitative Risk Management: Experience implementing quantitative risk methodologies and integrating them into business activities
• Strong work ethic with attention to detail.
• Experience in identifying and performing data classification with the intent to ensure appropriate control and authorization are present.
• Must be certified in a security discipline example CISA, CISM, CISSP etc.
• Must have adequate experience in completing 3rd party risk assessments.
• Understanding and experience of handling audits of cybersecurity risk and governance standards, with NIST, ISO27001, SOC1/2 and PCI/DSS experience is mandatory
• Prior experience with GRC, LMS, VMS(what is this)? tools and platforms is required.
• Good analytical abilities to prepare reports and assessments.

Pivotree is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive and accessible workplace.