Conduct Compliance Risk Assessments / Compliance Impact Assessments ( CIA) of cloud based applications against all control domains (NIST or similar)
Analyze project documentation like architecture diagrams and conduct interviews to perform risk and gap assessment
Determine impact of new projects/changes on security & compliance posture of the organization.
Provide compliance and control requirements to new projects
Provide compliant implementation standards/ best practices to achieve control requirements
Integrate compliance and security into solution designs.
Assess risks of security gaps, and develop remediation plans.Perform follow up activities related todrive remediation efforts.
Support design and implementation of automated tools for compliance . Design self service oriented solutions for scaling compliance operations and derive repeatable audit artifacts.
Provide Audit Support as required.Engage with Engineering teams for readiness assessments, testing, control review for annual and on-going compliance audits (like SOX, ISO, SOC). Provide compliance consultation to design effective and complaint processes.
Identify risks, process improvements and design automated monitoring solutions for control areas like Change Management,Release Management, SDLC, Configuration Management, Logging, Software Supply Chain. Drive implementation of effective controls.
Assist with development of compliance documentation, policies and processes in support of requirements and ensure that controls are operating effectively.
Develop a close partnership with engineering to educate and inform them around priority and importance of compliance requirements. Ability to identify risk-appropriate control implementation solutions while considering engineering and business priorities with compliance needs.
Work cross-functionally to drive security control implementation for the organization.
QUALIFICATIONS:
7+ years of related work experience in Information Security Governance, Risk and Compliance (GRC) or relevant Compliance roles in the tech industry. Big 4 consulting experience is a plus.
Minimum 3 years prior experience auditing cloud environments (AWS, Azure, and GCP), performing compliance assessments , conducting risk assessments and / or driving audits like SOX,ISO, SOC, PCI DSS
Ability to multitask and manage simultaneous projects
Ability to organize, conduct and drive meetings and outcomes independently. Must be aware of and deliver quality stakeholder engagement experience in a fast-paced, innovative environment
Strong analytical, communication (verbal and written), and project management skills
Ability to learn, understand, and work with new emerging technologies, methodologies, and solutions in the Cloud/IT technology space.
Certification preferred in one or more of the following: CISA, CISSP, CISM, Cloud platforms such as AWS, Azure or GCP
LOCATION:
San Mateo, ability to support global teams based in India & Poland
The following represents the expected range of compensation for this role:
The estimated base salary range for this role is $148,000 - $199,500.
Additionally, this role is eligible to participate in Snowflake’s bonus and equity plan.