Address customer security questionnaires covering key information security controls.
Collaborate with Legal to review and redline key information security clauses during the contract review process.
Develop and maintain audit plans, including scope, objectives, and testing methodology, for customer audits and assessments.
Collaborate with other departments to obtain their input and keep audit/assessment responses up to date.
Attend customer meetings to walk them through the organization's internal security posture.
Document and report audit/assessment/meeting findings and recommendations to the team.
Support sales teams during the RFP process when customers raise information security questions.
Review the security risk posture at least annually and improve it to stay in line with the current threat landscape, enterprise strategy and initiatives, and current regulatory requirements.
Act as a subject matter expert and guide during customer and supplier contract negotiations (Procurement- or Legal-led negotiations).
Collaborate with business partners and work cross-functionally with departmental team members to perform security audits.
Support the internal Third Party Risk Management team in reviewing third-party onboarding requests and annual risk assessments.
Manage operational effectiveness of security controls, perform root cause analysis on failures, and drive remediation in a continuous improvement process.
Work with security/technical teams, suppliers, and partners to ensure that appropriate controls are implemented, measured, and improved over time.
Prepare compliance and risk assessment reports by collecting, analyzing, and summarizing information from walkthroughs, interviews, and systems.
Key Essentials
Candidates must have 4+ years of experience working in information security.
At least one IT security certification is required (CISSP, CISM, CISA, a SANS/GIAC certification, Security+, etc.).
Functional knowledge of the common security domains, industry standards, and best practices.
Experience with common security and privacy frameworks (e.g., ISO 27001/27002, SOX IT controls, SOC 2 Trust Services Criteria, PCI DSS, HIPAA, GDPR, NIST SP 800-53, FedRAMP, CIS 18 Critical Security Controls).
Ability to communicate risk methodologies and concepts to the business unit and IT.
Demonstrated experience with controls definition, development, implementation, and assessment.
Demonstrated experience leading and executing security assessments.
Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
Strong critical thinking and communication skills (verbal/written).
Strong attention to detail, project management and organizational skills.
What We Would Like to See
A pragmatic and professional nature.
Ability to work proactively and independently in a fast-paced environment.
Open-minded and able to share information and transfer knowledge to other teams and Informatica employees.
A dynamic nature with the ability to adjust to varying environments and cultures. Excited about working with a GRC team that encourages cross-training and occasionally supporting other functions inside the team (supplier trust, key compliance efforts, training, etc.)
Able to manage multiple concurrent assignments and prioritize efficiently with limited supervision.
Able to set and meet deadlines and establish clear priorities quickly.
Experience in documenting and contributing to the development of security plans, compliance process flows and process creation.