IT Security and Compliance Analyst
Sunnyvale, CA, United States
Job Description
Security and Compliance Analyst
Job Summary: We are seeking a highly skilled and motivated Security and Compliance Analyst to join our dynamic team. The ideal candidate will play a crucial role in ensuring the security and compliance of our organization by supporting the implementation of ISO 27001 and conducting internal audits. The candidate should also have expertise in other compliance standards such as SOC 2, HIPAA, FedRAMP, and other relevant frameworks. This position requires a detail-oriented individual with strong analytical and communication skills and solid understanding of security concepts, processes, and technologies.
Job Responsibilities:
ISO 27001 Implementation: Support the implementation of ISO 27001 Information Security Management System (ISMS) program and relevant certifications.
Collaborate with cross-functional teams to establish and maintain security policies, procedures, and controls.
Internal Audits: Plan, execute, and manage internal audits to assess compliance with ISO 27001 standards and other relevant standards.
Identify areas of improvement and provide recommendations for enhancing security and compliance measures.
Compliance Standards: Stay current on industry-specific compliance standards such as SOC 2, HIPAA, FedRAMP, and others applicable to the organization.
Implement and manage compliance programs to meet regulatory requirements.
Risk Management: Conduct risk assessments and work with relevant teams to develop mitigation strategies.
Documentation and Reporting: Maintain accurate and up-to-date documentation related to security and compliance activities.
Prepare and deliver reports to management on the status of security and compliance initiatives.
Collaboration: Collaborate with internal teams, external auditors, and third-party vendors to facilitate compliance assessments and audits.
Qualifications:
Bachelor's degree in information security, Computer Science, or a related field.
Professional certifications such as CISA, CISSP, ISO 27001 Lead Auditor, or equivalent.
Proven experience in implementing ISO 27001 and conducting internal audits.
Familiarity with other compliance standards such as SOC 2, HIPAA, FedRAMP, etc.
Strong understanding of risk management principles and methodologies.
Excellent communication and interpersonal skills.
Ability to work independently and as part of a team.
Experience with GRC tools.
The US base salary range for this full-time position is $120,000-$165,000. Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.
Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.
All roles are eligible to participate in the Fortinet equity program, Bonus eligibility is reviewed at time of hire and annually at the Company's discretion.
#LI-BHAVYA
About Us
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
We are committed to providing reasonable accommodations for all qualified individuals with disabilities. If you require assistance or accommodation due to a disability, please contact us at [email protected].
Fortinet is an equal opportunity employer. We value diversity in our company, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, military/veteran status or any other applicable legally protected characteristics in the location in which the candidate is applying.