IT Security Compliance Analyst

Join the leader in entertainment innovation and help us design the future. At Dolby, science meets art, and high tech means more than computer code. As a member of the Dolby team, you’ll see and hear the results of your work everywhere, from movie theaters to smartphones. We continue to revolutionize how people create, deliver, and enjoy entertainment worldwide. To do that, we need the absolute best talent. We’re big enough to give you all the resources you need, and small enough so you can make a real difference and earn recognition for your work. We offer a collegial culture, challenging projects, and excellent compensation and benefits.

The IT Security Compliance Analyst will execute IT governance processes and the deployment of process improvement initiatives. This position will leverage best practices to ensure global and cross-functional Governance, Risk Management, and Compliance with applicable regulations and IT policies. In addition, the IT Security Compliance Analyst will monitor on-going vendor compliance with documented security standards as dictated by contractual agreement.

This role will be based out of Dolby’s Headquarters in San Francisco, CA.

Responsibilities:

  • Interact with various Business and IT groups, to review, assess and monitor compliance with various programs such as SOX, HIPAA, MPAA and others.
  • Work with IT GRC (Governance, Risk, and Compliance) Lead on continuous improvement of internal IT control framework.
  • Assist in identifying and reporting on risk and compliance issues.
  • Review threats and vulnerabilities and recommend and drive remediation actions.
  • Perform ITGC (Information Technology General Controls) management reviews and update program documents.
  • Support IT GRC Lead in performing access and Segregation of Duties (SOD) risks reviews across applications.
  • Coordinate IT activities with internal and external auditors.
  • Operate vendor security controls reviews on existing and prospective vendors.
  • Ensure IT teams are following Change Management policy, standards, and procedures.
  • Ensure project are performing security compliance activities as part of the overall project management lifecycle.
  • Partner with Service Now team on continuous develop improvement of GRC processes.
  • Play a key role in security reporting & metrics, leading to risk reduction, trending and overall security posture improvements.
  • Leverage existing security standards to measure IT performance and compliance.

Requirements:

  • B.S. Degree in Accounting, Finance, Computer Science or related field
  • CISSP, CISA or related certification
  • 2-4 years’ experience operating global IT governance/compliance programs
  • Excellent communication skills (oral and written)
  • Excellent presentation, project management, problem-solving, and conflict resolution skills
  • Deadline-driven, detail oriented, focus on efficiencies and process improvement
  • High integrity and business ethics
  • Ability to participate in and facilitate group meetings, including with remote staff
  • Ability to interpret regulations and laws and communicate effectively to all levels of the organization
  • Experience reviewing 3rd party security reports (SSAE16 SOC 1 and 2, penetration testing reports, SIG) against industry security standards (CSA, NIST, ISO, SANS, OWASP) as part of an overall vendor management program
  • Experience with Change and Release Management based on ITIL best practices
  • Experience with controls testing design
  • General knowledge of traditional and SaaS-based ERP systems, databases, operating systems and networking
  • General knowledge of COBIT, Sarbanes Oxley, ITIL or other control frameworks
  • Ability to explain technical jargon in simplified terms
  • Ability to work efficiently and independently with minimal supervision (i.e. self-motivated and willing to stretch to meet important deadlines)
  • Ability to work successfully in a matrixed, global organization
  • Technical curiosity and the ability to learn new technologies quickly

What Sets You Apart:

  • Vendor or supply chain security
  • Project Management Professional (PMP)
  • Service Now experience
  • Familiarity with vulnerability management platforms
  • Familiarity with GRC tools
  • Security or auditing experience with SAP environments preferred
  • Big 4 experience strongly preferred

Dolby will consider qualified applicants with criminal histories in a manner consistent with the requirements of San Francisco Police Code, Article 49, and Administrative Code, Article 12

  • LI-SR1

Meet Some of Dolby's Employees

Kari S.

Senior HR Representative

Kari works with managers and business partner teams on new company mergers and acquisitions—providing guidance about the ins and outs of Dolby to ensure smooth business transitions.

Nicholas B.

Senior Engineer

Nicholas manages Dolby’s software Tech Teams, keeping tabs on tasks and supporting the growth of Dolby’s exceptional audio and gaming products.


Back to top