Fortinet Security & Compliance Analyst 

United States, California, Sunnyvale 

121162451

As an IT Security & Compliance Analyst, your responsibilities will include:

• Policy Governance: Develop, review, and maintain IT security policies and procedures in alignment with industry standards and regulatory requirements.
• Risk Assessments: Conduct regular risk assessments to identify vulnerabilities, threats, and impacts to IT assets and operations. Evaluate the effectiveness of existing controls and recommend enhancements.
• Risk Management: Collaborate with various departments to develop and implement risk management strategies, including risk mitigation plans and monitoring processes.
• Third-Party Risk Assessments: Perform due diligence and risk assessments on third-party vendors to ensure compliance with security policies and frameworks. Monitor and manage ongoing third-party risk.
• Compliance Framework Implementation: Assist in the implementation and maintenance of compliance frameworks and certifications (SOC 2, HIPAA, ISO 27001/2017/27018, NIST 800-53, FedRamp). Prepare for and support audits and assessments.
• Documentation and Reporting: Maintain accurate documentation of compliance activities, risk assessments, and remediation efforts. Prepare reports for management and stakeholders.
• Continuous Improvement: Stay current with industry trends, regulations, and best practices in IT security and compliance. Recommend improvements to existing processes and controls.
• Internal Audits: Plan, execute, and manage internal audits to assess compliance with ISO 27001 standards and other relevant frameworks.

We are looking for:

• Bachelor’s degree in information security, Computer Science, or a related field.
• 5+ years of experience in IT security, compliance, or risk management.
• Strong knowledge of security compliance frameworks and standards (SOC 2, HIPAA, ISO 27001/27017/27018, NIST 800-53, etc).
• Experience with risk assessment methodologies and tools.
• Familiarity with third-party risk management processes.
• Excellent analytical, problem-solving, and communication skills.
• Experience with GRC tools.
• Relevant certifications (CISSP, CISM, CRISC, or equivalent) are a plus.

We encourage candidates from all backgrounds and identities to apply. We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being.

Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.