Security Policy and Compliance Analyst
Facebook's mission is to give people the power to share, and make the world more open and connected. Through our growing family of apps and services, we're building a different kind of company that helps billions of people around the world connect and share what matters most to them. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to make the world more open and accessible. Connecting the world takes every one of us—and we're just getting started.
Facebook is seeking an experienced Security Policy and Compliance Analyst to join our team. This position will be responsible for understanding and supporting the design Facebook's organizational, procedural and technological security controls within the context of the global regulatory frameworks applicable to our business. The position will also help codify these controls in supporting documentation and explain them to internal and external stakeholders. The Security Policy and Compliance Analyst will be someone that has a passion for implementing innovative security controls that mitigate risk to the company, empower Facebook's culture of rapid innovation, and help demonstrate Facebook's dedication to security to the world. This role requires a mix of broad, business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards, and a polished ability to communicate with key internal stakeholders. This role is a full time position located at our office in Dublin, Ireland.
- Help demonstrate Facebook's commitment to security to external stakeholders
- Understand technical implementation details necessary to identify and assess security risks and recommend mitigating controls
- Participate in the development and oversight of required corrective action plans relating to security compliance issues
- Support business relationships with the internal and external security auditors and regulators
- Identify, research and evaluate new compliance requirements and ensure they are incorporated into Facebook's security policy framework
- Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls
- Support the identification, validation and remediation of information technology controls required by Irish Data Protection Act, Federal Trade Commission, Sarbanes-Oxley, Payment Cardholder Information Data Security Standards (PCI DSS), regulations governing personally identifiable information (PII), SOC2 and SOC3 trust principles, and other applicable regulatory compliance frameworks
- Partner with internal teams to ensure successful security programs that align with compliance requirements
- Understand the security needs of internal and external stakeholders around external business partners and maintain a process that meets stakeholder needs
- Manage daily activities and functions of the external business partner management program
- Coordinate and drive business partner security assessment activities for both inbound and outbound relationships
- Lead assessments of business partner security risk, develop mitigation plans, and work with internal stakeholders to assign monitoring responsibility. Prepare and complete annual risk assessments and assist with regulatory and accreditation audit preparation as needed
- Support business partner selection on significant sourcing decisions and reassess security risk for business partners prior to contract renewals
- Deep experience in information security compliance
- In-depth experience of data security frameworks and regulatory standards, including PCI, SSAE16-SOC2, ISO27001/2 & SOX.
- 4+ years minimum experience supporting compliance programs within the technology space
- Excellent communication skills
- Strong project management skills required
- Experience with developing security and compliance reporting for a variety of audiences, including executive management
- Demonstrated leadership skills with the ability to work effectively across various levels
- Experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities
- Experienced in processes for assessing and designing internal controls for large scale organizations
- Solid knowledge and experience of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
- Experience assessing security risk for large scale organizations.
- Bachelors in business/technology required
- Certifications in one or more of the following areas: CISSP, CISA, CISM, GISO, GCIH, CIPP
- Experience security consulting for a big 4 or related professional services/consulting background
- Experience with cloud services
Meet Some of Facebook's Employees
Manager, Global Client Solutions
Peipei helps Facebook’s top clients devise solution-based and results-driven social media strategies. She creates strategic partnerships to help people and brands connect in a more meaningful way.
Back to top