Senior Information Security Compliance Analyst
- Bangalore, India
The Sr. Information Security Compliance Analyst will be responsible for supporting the IT Compliance efforts at VMware as well as being engaged in supporting and leading efforts pertaining to other key regulations and compliance activities.
The Sr. Information Security Compliance Analyst must possess initiative and drive and have broad relevant technical knowledge for a cloud-based environment. Good management expertise and excellent written and verbal communication skills are also key attributes for the position. The Sr. Information Security Compliance Analyst must provide direction, coordination and operations planning to accomplish the technical compliance goals and objectives effectively.
Job Role and Responsibility
The Sr. Information Security Compliance Analyst should ensure the existence of appropriate security governance within the cloud and internally controlled environments (policy, procedures, baselines and monitoring); assessment of required security controls, and testing of adherence to required policies, procedures and monitoring. The Sr. Information Security Compliance Analyst will collaborate with other members of the Security and IT teams to define appropriate and effective information security controls and will work with the various business units to implement them. The Sr. Information Security Compliance Analyst will also be responsible for performing gap analysis exercises while working collaboratively with Functional Business Unit and IT teams to implement required remediation effectively.
Essential functions for this role include:
- Perform a deficiency analysis and implement required ITGC controls to meet IT Policy and Regulatory Compliance requirements in a cloud environment.
- Escalate and resolve security risks and issues as required.
- Develop and track progress towards the overall mission and GRC Roadmap.
- Develop metrics and reporting to demonstrate information security compliance status.
- Communicate the compliance effectiveness to Management on a scheduled basis.
- Test for adherence to policy and regulatory controls, procedures and standards.
- Work closely with both Internal and External audit teams and coordinate security compliance audits
- Prepare for engagement reviews and quality assurance activities.
- Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure appropriate remediation measures have been achieved in a timely manner.
- Perform impact analysis as needed where controls fail or are considered ineffective.
- Track mitigation steps and ensure that risks are managed appropriately and in a timely manner.
- Assist with other GRC activities as required.
- Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable GRC compliance initiative.
- Assist with integrating policy and regulatory compliance requirements into the organization's processes (e.g., change control, mergers and acquisitions) and life cycle activities.
- Manage timelines, resources, project plans, action item logs, status reports and statistics to ensure milestones, goals and commitments are met.
- Lead control integration efforts with new or existing systems and supporting architecture
- Bachelor's degree in Computer Science, or related discipline.
- 3-5 years of Compliance, Security or IT Audit experience preferably in a cloud environment.
- SOX ITGC, HIPAA, GDPR, PCI, ISO 27K experience a plus
- Strong understanding of application, network, operating system and core infrastructure security concepts.
- Excellent written and verbal communication skills.
- Effective negotiating and problem-solving skills.
- Experience working with Internal and External Audit teams
- Proactive and detail orientated team player.
- Familiarity with common compliance frameworks such as COBIT, COSO, ISO 27001, and industry recognized guidance such as NIST a plus
- Strong analytical, diagnostic, critical thinking skills
- Ability to work efficiently and independently with minimal supervision
- BA or BS degree or higher in IS or related field required.
- Strong ability to represent data in graphical form
- Advanced security certifications like CISM, CISA, CISSP-ISSMP preferred
- RSA Archer GRC and SAP knowledge and experience highly desired
- Experience working with or utilizing the RSA Archer eGRC application a plus
- Experience with a large company and/or Big 4 accounting firm
VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.