Information Security Compliance Analyst

About the job

Overview

Come join the Intuit Information Security Organization at Intuit! We are looking for an innovative professional to join a world class team.

The Intuit Information Security (IIS) organization is changing the way we look at security and compliance. As the compliance landscape expands with ISO 27001, GDPR, NIST, etc., our need to scale to demonstrate compliance is becoming more critical within our internal environment as well as with our third parties. We are looking for a motivated, passionate Staff Compliance Analyst who will be transforming the traditional check the box compliance process to an automated, on-demand demonstrable compliance model. This professional will improve and scale the regulatory and customer assurance compliance program by creating compliance dashboards, driving end to end compliance models, testing the compliance environment for early signs of non-compliance, creating automated evidence to reduce the audit fatigue, while working cross functionally with our global business units and functional groups. This professional will be translating security frameworks technical controls into language for non-security team members to understand and implement, managing remediation of non-compliance to closure, managing exception to policies and creating security standards to comply with policies.

Intuit prides itself on being innovative, bold and passionate. This is an exciting position supporting our most important regulatory compliance like GDPR, PCI, ISO and NIST company priorities as we transform to a cloud environment. The Staff Compliance Analyst has the opportunity to innovate in a cloud environment and re-imagine compliance working across Intuit and with the business units as well as our functional group partners in IT, Legal, Privacy and Procurement.

What You’ll Bring

  • Support a collaborative, performance-driven culture that builds bridges with other functional groups across the enterprise and maintains positive working relationships
  • 7+ years working in an IT audit/risk management / IT compliance role
  • Demonstrated experience with controls definition, development, implementation, and assessment
  • Functional knowledge of multiple security domains and information security industry standards and best practices
  • Understanding of cyber risks management practices at financial services institutions. Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting.
  • Understanding of regulatory requirements and expectations related to cyber risk
  • Extensive Knowledge in various compliance frameworks and regulations (CCPA, GDPR, PCI, NIST SP 800-53, ISO 27001, SOC 1/2, NY DFS in the area of privacy and security, as well as audit management
  • Solid experience managing compliance initiatives for cloud platforms and interacting with external auditors
  • Knowledge of Cloud security, Cloud Security certification is a plus
  • Ability to identify and recommend tools, processes, and software to automate and continuously improve compliance practices
  • Ability to influence across all levels of the organization
  • Drive, determination and the ability to overcome roadblocks and initial objections.
  • Strong project management skills
  • Strong written and verbal communication skills
  • Bachelor’s degree in computer science or information systems or equivalent field; passion in coding
  • CISSP or CISA/CISM preferred
  • Location: San Diego or Mountain View

How You Will Lead

  • Lead and manage all compliance activities with respect to ISO 27001 including Scope Identification, Audit Readiness, Remediation, Risk assessment and Maintenance
  • Partner with Internal Audit team and BUs to drive end to end remediation of Compliance deficiencies reported to ensure compliance with corporate security policy and ISO requirements
  • Create continuous view of risk and compliance dashboards to bring risk visibility to leaders and ensure any impact to compliance is quickly reported
  • Work with the external auditor during new scope certification and surveillance audits.
  • Oversee and maintain compliance documentation, including the scope of the ISO 27001 certification, ISO SOA
  • Interact with senior leadership to support cross-functional security and compliance initiatives, including providing subject matter expertise over security processes for new and ongoing customer and regulatory requirements
  • Work across organizational boundaries to drive implementation of compliance requirements and security controls
  • Establish and deliver meaningful and actionable compliance metrics and reporting
  • Work with the Automated Compliance Platform (ACP) team to identify new requirements which need to be automated in ACP; Leverage automated evidence collection where applicable; Evidence Collection automation in ACP for automatable controls and audit requests
  • Partner across teams to define roadmaps, project plans, and ensure compliance deliverables or remediation plans remain on-track
  • Develop strong relationships with the business/functional units to understand any interdependency and ensure demonstrable compliance
  • Monitor changes to the regulatory frameworks and landscape and recommend policy changes that will help the business be proactive in maintaining compliance

More Information

Apply for this job

Leave your thoughts

Share this job