InfoSec Risk & Compliance Analyst
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities â€" we're just getting started.
Facebook is seeking an experienced InfoSec Compliance Analyst to join the Information Security team. This position will be responsible for understanding and supporting the design of Facebook's organizational, procedural, and technological security controls within the context of the global regulatory frameworks applicable to Facebook and its suite of affiliated businesses (Instagram, Oculus, WhatsApp, etc.). The position will help implement, automate, document, and maintain controls while supporting and responding to inquiries from internal and external stakeholders and regulators. An ideal InfoSec Compliance Analyst is someone that has a solid understanding of the broad aspects of information security and can apply that knowledge to solve problems at the scale of Facebook. This role requires a broad mix of business and technical acumen coupled with polished communication and a strong desire to learn. This role is located at our headquarters in Menlo Park, CA.
- Perform assessments of security controls and processes to identify gaps and support the implementation of appropriate mitigations.
- Understand technical implementation details necessary to assess security risks and design practical security controls.
- Assist with aligning and codifying controls to show how they are mitigating information security risk.
- Participate in the development and oversight of required corrective action plans relating to security compliance issues.
- Support the identification, implementation, and maintenance of automated technical security controls required by various technical regulatory compliance frameworks.
- Help demonstrate Facebookâ€™s commitment to security within the company and to external parties.
- Identify, research, and evaluate new compliance requirements and present them to the team and business.
- Partner with team members and cross-functional groups to create successful security programs that align with compliance requirements.
- Understand the security needs of internal and external stakeholders, regulators, and auditors. Support business relationships with the internal and external security auditors and regulators.
- Assist with responding to external requests inquiring about Facebook's Information Security program including activities like audit management, evidence gathering, scoping, control walkthroughs, etc.
- Assist with daily technical security activities and functions such as assessing vendor security risks, provisioning and reviewing access, creating and maintaining security reports/dashboards, etc.
- Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls.
- 3+ years of experience leading and delivering information security assessments.
- Knowledge of information security concepts and experience applying them at scale.
- Experience performing information security risk assessments and control gap assessments.
- Experience with communication and independently leading projects to completion.
- Experience working with fragmented data to create metrics and insights.
- Experience working with Security Controls across 1 or more domains: Access Management, Encryption, Network Security, Data Security, Configuration Management, Vulnerability Management, Physical Security etc.
- Experience working with leadership and engineers.
- Experience working independently and collaboratively across various levels and teams.
- Bachelors in computer science, computer engineering, or business technology
- Security consulting experience or related professional services/consulting background
- Experience with, and strong understanding of, most of the following security compliance frameworks, controls, and best practices: AICPA Trust Principals (SSAE 16 - SOC 2 and 3), ISO 27001/27018, OWASP Top 10, PCI DSS, CIS, NIST CSF, NIST 800-53, NIST 800-30, GDPR, regulations governing personally identifiable information (PII), and other applicable regulatory compliance frameworks
- Familiarity with scripting languages, SQL, PHP, python, and web development
- Certifications in one or more of the following areas: CISSP, CISA, CISM, GISO, GCIH, CIPP
- Strong desire to learn and continuously develop and deepen technical skills
Back to top