Security and Privacy Analyst

Who are we:

Eptura is a global worktech company that digitally connects people, workplaces, and assets in a unified platform to enable our customers to thrive. With 25 million users across 115 countries, we are trusted by the world’s leading companies, including 45% of Fortune 500 brands, to realize a better future at work.

Role Overview:

The Eptura Office of Information Security is looking for a Security and Privacy Analyst to join our Governance, Risk, and Compliance team. This is an exciting opportunity to put your mark on a fast-growing GRC program by helping to refine, consolidate, and implement security and privacy controls for multiple SaaS applications at a global SaaS software company. 

The ideal candidate will be a great communicator with training or experience in risk assessment and audit covering major security frameworks, including ISO 27001, CSA-STAR, AICPA TSC (SOC 2), and FedRAMP. In addition, they will have knowledge of global privacy frameworks such as the General Data Protection Regulation (GDPR), the UK GDPR, CPRA, among others. They will be comfortable initiating cross-functional conversations with other departments internally to identify, report, and track compliance risks through resolution. They will be a major contributor to the development, assessment, and maintenance of policies, standards, and procedures in alignment with Eptura's global security and privacy programs. This is a critical role, and you will be a core member of a growing security team. The Security and Privacy Analyst will report directly to the Director of Security – Governance, Risk, and Compliance.

Responsibilities:

• Contribute to risk assessments and internal audits to assess ongoing compliance with applicable security and privacy frameworks.
• Develop ongoing compliance activities to monitor compliance with internal controls.
• Assist in the maintenance of corporate policies, standards, procedures, and guidelines.
• Work with key stakeholders to identify and document risks, develop remediation plans, and track remediation efforts to resolution.

• Contribute to privacy compliance efforts, including documenting data flows, privacy impact and transfer impact assessments, and records of processing activities.

• Complete security and privacy assessments for existing customers and new prospects.
• Advise internal teams on best practices to help employees understand the “why” behind security and privacy controls.

• Assist in the continued development and administration of the security awareness program, including communication to relevant teams on security best practices.

Required Experience and Training:

• Knowledge of common security frameworks (ISO 27001, AICPA TSCs/SOC 2) and global privacy regulations (GDPR, CPRA, etc.).
• A good understanding of risk assessment and common security vulnerabilities applicable to networks, platforms, and SaaS applications.
• Understanding of cloud environments (GCP, AWS, Azure) and the SaaS delivery model.
• Strong teamwork and collaboration skills with the ability to work across multiple business units (Engineering, HR, Legal, etc.) with multiple stakeholders.
• Excellent written and verbal communication skills, including experience reporting and presenting to various audiences including senior leadership.
• Previous consulting and/or audit experience is a plus.
• Industry recognized certifications in security is a plus (CRISC, GRCP, CISSP, CISA, CISM).
• A bachelor’s degree is optional but preferred

Benefits: 

• Health, Dental, & Vision with flexible PTO

• Dependent, Spousal and Domestic Partner coverage available
• Up to $1000 Company HSA Contribution
• Medical, Dependent Care and Limited FSA Accounts

• Income Protection and Replacement - 100% Company Paid
• Short Term Disability
• Long Term Disability
• Life Insurance

• Employee Assistance Program
• Be a part of a company that is changing the workplace
• Be a part of a fast-paced global team
• Stimulating and fulfilling work.
• Close interaction with product stakeholders and our development teams.
• Great benefits such as work flexibility.
• Global online celebration, recognition, and communication platform
• Growth and Development Opportunities
• All equipment provided to succeed in your role.  

Eptura Information:

• Follow us on Twitter | LinkedIn | YouTube
• Eptura is an Equal Opportunity Employer. At Eptura we promote our flexible workspace environment, free from discrimination. We believe that diversity of experience, perspective, and background leads to a better environment for all our people and a better product for our customers. Everyone is welcome at Eptura, no matter where you are from, and the more diverse we are, the more unified we will be in ensuring respectful connections all around the world