The Challenge
We are seeking a highly skilled Senior Analyst to join our dynamic team. In this role, you will play a pivotal role in strengthening the effectiveness of the OneTrust Platform through the creation of new GRC content, as well as providing robust support for existing content across a spectrum of compliance frameworks (which includes SOC 2, ISO27001, PCI DSS, NIST CSF, HIPAA, privacy regulations (GDPR, CCPA and other state privacy laws), NIST 800-53, NIST AI RMF etc). Your responsibilities will include addressing security and privacy inquiries, aiding cross-functional teams with expert security insights, and contributing to the continuous enhancement of OneTrust platform. This role demands a strong background in security and privacy, alongside the ability to develop and implement reliable, standardized processes.
Your Mission
Develop comprehensive content, encompassing policies, controls, implementation guidelines, templates and mapping relationship, tailored to various compliance frameworks.
Conduct thorough research and analysis to ensure accurate and up-to-date content development.
Interpret and translate complex regulatory requirements into clear and concise documentation.
Continuously refine and update content in response to framework revisions or regulatory changes.
Stay informed about industry trends, emerging regulations, and best practices related to compliance frameworks.
Engage in collaborative efforts with internal teams (including sales, customer support, and marketing) to solicit feedback on content and actively identify market demand for various compliance frameworks.
Effectively communicate content-related updates within OneTrust Platform.
Address security and privacy inquiries related to specific compliance frameworks to enhance support for customers by addressing their needs regarding out-of-the-box content.
Engage in internal brainstorming sessions and contribute to user acceptance testing for new product releases.
Maintain thorough knowledge of OneTrust Platform and offer feedback on product features such as ERM, Compliance Modules, Policy Modules, Third-party Risk Management Module (TPRM) etc.
Deliver training sessions to internal stakeholders as necessary on newly launched frameworks within the OneTrust platform.
You Are
Bachelor's degree in a relevant field (e.g., Information Technology, Business Administration, Compliance).
Minimum 4 years of experience in information security and privacy compliance, consulting, or research, spanning multiple industries.
In-depth knowledge of various compliance frameworks such as SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, NIST etc.
Proven experience in developing content related to controls, policies, and risk management and working with any compliance management software.
Strong analytical skills with the ability to interpret complex regulatory requirements.
Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams.
Detail-oriented approach with a focus on accuracy and quality.
Demonstrated knowledge of key IT controls and risk assessment concepts.
Understanding of audit practices and methodologies.
Ability to manage multiple tasks concurrently.
Relevant certifications (e.g., CISA, CRISC, CISSP, CIPP/E, CIPP/C, CIPP/US) preferred.
