Job Description

We are currently looking for an energetic Senior Information Security Analyst (GRC) with proven experience working in information security to support Customer audits/Requests, and Customer engagements, Supplier Risk Management to join our global team. The ideal candidate is passionate about audit and compliance and is excited to join our growing team to enhance our security Risk & Compliance program.Job SummaryReporting to the Manager, Information Security, you will be responsible for maintaining Information Security related documents (including assisting with the development of policies, procedures, standards, and guidelines), performing assessments against various frameworks, and assessing controls in place internally and supporting the customer related activities such as response to security questionnaire, attending customer meetings, creating standard questionnaire documentation that will meet the various regulations, best practices, and data protection requirements along with supporting the Third Party Risk Management Program.In the role of Senior Information Security Analyst (GRC), you must be able to work and adapt in a fluid, fast-paced environment, and have a track record of partnering effectively with a diverse set of technical and non-technical professionals including IT, Legal, Sales, R&D, HR, and external auditors.Our customers consider our certifications and standards as competitive differentiators, which includes 9 of the Fortune 10, 84 of the Fortune 100, and 923 of the Global 2000. We also believe data is the most valuable competitive asset today as companies increasingly pursue digital transformation initiatives to modernize their businesses. Our cloud platform grew more than 60% since the previous year - processing over 27 trillion transactions/month and adding several new products and features. As customers continue processing more data on our cloud platform and with increasingly complex use cases, the need for strong security and privacy governance becomes even greater.As the Senior Information Security (GRC) you will use your deep expertise on current and upcoming standards to mature our internal programs and processes, based on our growing global commercial and public sector customer footprint.Day-to-day Duties? Here\'s What You\'ll Be Doing

• Address security questionnaires (for key information security controls)
• Collaborated with legal to review and redline key information security clauses in the contract review process.
• Develop and maintain audit plans, including scope, objectives, and testing methodology for Customer Audit and Assessment.
• Collaborate with other departments to ensure get the response and update the audit/assessment response.
• Attend customer meetings to walk them through the internal security posture of the organization.
• Document and report audit/assessment/meeting findings and recommendations to the team.
• Address or assist sales teams during the RFP process if customers have information security related questions.
• Manage and improve the security risk posture to keep in-line with current threat landscape, enterprise strategy/initiatives and current regulatory requirements at least annually.
• Act as a subject matter expert and guide during customer and supplier contract negotiations (Procurement or Legal-led negotiations).
• Collaborate with business partners and work cross-functionally with departmental team members to perform Security Audits
• Support the internal Third Party Risk Management team in reviewing the onboarding request, annual risk assessments
• Manage operational effectiveness of security controls, perform root cause analysis on failures, and drive remediation in a continuous improvement process.
• Work with security/technical teams, suppliers, and partners to ensure that appropriate controls are implemented, measured, and improved over time.
• Prepare compliance and risk assessment reports by collecting, analyzing, and summarizing information from walkthroughs, interviews, and systems.

• Candidate must have 4+ years working in information security.
• At least 1 IT Security certification required (CISSP, CISM, CISA, SANS, Security+, etc.)
• Functional knowledge of the common security domains, industry standards, and best practices.
• Experience with common security and privacy frameworks (i.e., ISO 27001/2, SOX IT Controls, SOC2 Trust Principles, PCI-DSS, HIPAA, GDPR, NIST 800-53, FedRAMP, CIS18).
• Ability to communicate risk methodologies and concepts to the business unit and IT.
• Demonstrated experience with controls definition, development, implementation, and assessment.
• Demonstrated experience leading and executing security assessments.
• Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
• Strong critical thinking and communication skills (verbal/written).
• Strong attention to detail, project management and organizational skills.

• A pragmatic and professional nature.
• Ability to work proactively, and independently in a fast-paced environment.
• Open minded, able to share information, transfer knowledge to other team and Informatica employees.
• A dynamic nature with the ability to adjust to varying environments and cultures. Excited about working with a GRC team that encourages cross-training and occasionally supporting other functions inside the team (supplier trust, key compliance efforts, training, etc.)
• Able to manage multi-task assignments and efficiently prioritize with limited supervision.
• Able to establish and meet deadlines and establish clear priorities quickly.
• Experience in documenting and contributing to the development of security plans, compliance process flows and process creation.

Informatica