Senior Information Security Compliance Analyst

Job Description

Job posting title

Sr. Information Security Compliance Analyst


This position is required to support the incoming workload and committed projects for the Risk, Governance, and Compliance mission. Without this position the Technical Compliance team will not be able to meet its committed deliverables and functions for our VMware customers and internal teams.

Job description

The Sr. Information Security Compliance Analyst will be responsible for supporting the IT Compliance efforts at VMware as well as being engaged in supporting and leading efforts pertaining to other key regulations and compliance activities.

Business Summary

The Sr. Information Security Compliance Analyst must possess initiative and drive and have broad, relevant technical knowledge of cloud-based environments. Good management expertise and excellent written and verbal communication skills are also key attributes for the position. The Sr. Information Security Compliance Analyst must provide direction, coordination and operations planning to accomplish the technical compliance goals and objectives effectively.

Job Role and Responsibility

The Sr. Information Security Compliance Analyst should ensure that appropriate security governance exists within the cloud and internally controlled environments (policy, procedures, baselines and monitoring), assess the required controls, and test adherence to the required policies, procedures and monitoring. The Sr. Information Security Compliance Analyst will collaborate with other members of the Security and IT teams to define appropriate and effective information security controls and will work with the various business units to implement them. The Sr. Information Security Compliance Analyst will also be responsible for performing gap analysis exercises while working collaboratively with Functional Business Unit and IT teams to implement the required remediation effectively.

Essential functions for this role include:

  • Perform deficiency analysis and implement the controls required to meet IT Policy and Regulatory Compliance requirements in a cloud environment.
  • Escalate and resolve risks and issues as required.
  • Develop and track progress towards the overall mission and GRC Roadmap.
  • Develop metrics and reporting to demonstrate compliance status.
  • Communicate compliance effectiveness to Management on a scheduled basis.
  • Test for adherence to policy and regulatory controls, procedures and standards.
  • Prepare for engagement reviews and quality assurance activities.
  • Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures are completed in a timely manner.
  • Perform impact analysis as needed where controls fail or are considered ineffective.
  • Track mitigation steps and ensure that risks are managed appropriately and in a timely manner.
  • Assist with other GRC activities as required.
  • Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable GRC compliance initiative.
  • Assist with integrating policy and regulatory compliance requirements into the organization's processes (e.g., change control, mergers and acquisitions) and life cycle activities.
  • Manage timelines, resources, project plans, action item logs, status reports and statistics to ensure that milestones, goals and commitments are met.
  • Work closely with both Internal and External audit teams.
  • Lead control integration efforts for new or existing systems and their supporting architecture.

Required Skills
  • BA or BS degree or higher in Computer Science, Information Systems, or a related discipline required.
  • 3-5 years of Compliance, Security or Audit experience, preferably in a cloud environment.
  • HIPAA, PCI DSS and ISO 27001 experience a plus.
  • Strong understanding of application, network, operating system and core infrastructure security concepts.
  • Excellent written and verbal communication skills.
  • Effective negotiating and problem solving skills.
  • Experience working with Internal and External Audit teams.
  • Proactive and detail-oriented team player.
  • Familiarity with common compliance frameworks such as COBIT, COSO and ISO 27001, and with industry-recognized guidance such as NIST, a plus.
  • Strong analytical, diagnostic and critical thinking skills.
  • Ability to work efficiently and independently with minimal supervision.
  • Strong ability to represent data in graphical form.

Preferred Skills
  • Advanced security certifications such as CISM, CISA or CISSP-ISSMP preferred.
  • RSA Archer eGRC and SAP knowledge and experience highly desired.
  • Experience with a large company and/or a Big 4 accounting firm.

VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.
