Security and Compliance Analyst
Livermore, CA, United States
Topcon Positioning Group is headquartered in Livermore, California, USA (topconpositioning.com).
We design, manufacture and distribute productivity tools for developing a brighter future. Whether cultivating the earth or building upon it, Topcon brings innovation in workflow automation and seamless connectivity of data to construction, geopositioning and agriculture industries focused on developing a sustainable tomorrow.
Topcon is an equal opportunity employer and does not discriminate against any employee or applicant on the basis of race, color, religion, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, genetic information, or other legally protected status.
To learn more about Topcon career opportunities go to www.topconcareers.com.
Summary
This is a hybrid role, 3 days onsite (Tuesday, Wednesday, Thursday), and candidates should be within commuting distance of Livermore, CA or Oakland, NJ.
Topcon's Global Information Security team is looking for an experienced Security and Compliance Analyst who will be the lead for the GRC function. This is a hybrid role based in Livermore, CA.
The Security and Compliance Analyst will be responsible for control framework compliance oversight and for the execution of governance activities, including auditing. They will prioritize and track security and compliance risk issues, guide internal and external stakeholders on mitigation, identify risks that increase loss probability, and communicate the security posture to the Leadership team. The candidate will act as a subject matter expert for Security Governance, Risk, and Compliance.
Responsibilities
Measure effectiveness of compliance by conducting routine and focused audits of policy/procedure adherence and ensuring a compliance feedback/prevention process that uses the results of both internal and external audits and investigations to develop, revise and strengthen new and/or existing policies, procedures, and relevant employee training.
Be responsible for third party risk assessments: assessing controls, processes, and/or systems to identify the threats and vulnerabilities that lead to a risk.
Assist with investigation, auditing, review, and analysis of general compliance, HIPAA Privacy, and other matters to help ensure compliance with internal policies.
Assist with the development, update, revision, and/or implementation of compliance policies, procedures, and practices for general compliance and operations.
Participate in risk assessments of applications, infrastructure, business, and technology vendors against a defined risk framework.
These assessments will be conducted either through a formalized risk assessment program or through other risk reporting activities.
Qualifications
Bachelor's degree.
Expected 4 - 6 years of experience in cross-functional audit, risk, compliance and/or information security disciplines.
Subject matter expertise in various frameworks, including but not limited to SOX, PCI, HIPAA, ISO 27001, and COBIT.
Knowledge and experience of HIPAA Privacy and Security Requirements, HITRUST, or SOC 1/2 type audits.
Strong understanding of security frameworks and standards such as NIST, ISO 27001, and HIPAA, and of other relevant regulations such as GDPR.
Ability to work independently, in a team, and cross-organizationally to analyze and communicate opportunities for strategic compliance improvements
Critical thinking, productivity, and strong attention to detail
Strong listening and written/verbal communication skills
Experience in project management, along with organizational and planning skills
Technical experience implementing controls and assessing processes for various applications and technologies (e.g., SAP, PeopleSoft, Oracle, SQL, Azure DevOps, AWS, Windows, Linux, ServiceNow, CI/CD processes, etc.).
Occasional travel may be required, not to exceed 10%.
The base pay range 106k-155k is a projected hiring range for the position, level and potential work location(s) listed. Topcon provides the compensation range that it in good faith believes it might pay and/or offer for this position. This compensation range is based on a full-time schedule.
Topcon offers a comprehensive benefit package for this position, including medical, dental, vision, life insurance, disability insurance, tax-saving spending accounts, a 401(k) plan with employer match, and tuition reimbursement, in addition to other perks and benefits. We also offer time off for our employees to recharge. Our employees are eligible for paid company holidays, paid personal time off, and paid sick time that meets or exceeds state/local requirements.
Topcon reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation; individual candidate compensation may be determined based on individual skills, experience, training, certifications, education, final work location and other factors not related to an applicant's sex or other status protected by local, state, or federal law. Changes in the position level, location or other factors associated with the role may change the final determined compensation. The recruiter can provide additional information during the hiring process.
Topcon time off policies can vary between Topcon Positioning Systems, Inc. and Topcon Solutions Stores, Inc., as well as between roles that are exempt or non-exempt. For hourly ("non-exempt") employees, we offer personal paid time off which accrues in accordance with local standards. For salaried ("exempt") employees, we offer a flexible paid time off policy giving you flexibility to take time when needed, while supporting business needs. All paid time off policies are in accordance with or exceed local law. Employees working at least 30 hours per week are eligible for our Health and Welfare benefit package.
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.