Sumo Logic
Senior Security Compliance Analyst
Sumo Logic, Denver, Colorado, United States, 80285
Senior Security Compliance Analyst
You will get the opportunity to be on the cutting edge of Cloud Security and Compliance. Sumo Logic is looking for a Senior Security and Compliance Analyst who will be responsible for supporting existing compliance initiatives and continued audits for a fast growing, highly technical Cloud Based SaaS Company. This role is critical to Sumo Logic and will collaborate with our DevSecOps Automation and Security Operations Team as well as all lines of business at Sumo Logic to build relationships and trust across the organization. This role is also critical in representing the Sumo Logic Security Compliance vision to our rapidly expanding global enterprise customer base in the new frontier of cloud computing.
The ideal candidate will have supported compliance programs in a SaaS environment. The role requires you to be detail oriented and highly organized. The ability to take ownership of cross-functional projects and complete them on time and on budget will be crucial to fuel your personal and Sumo Logic's growth.
The ideal candidate will have at least 7 years supporting security compliance programs and at least 5 years of experience in a SaaS environment. Additionally, this candidate must have experience with 3 of the following 6 - PCI-DSS, SOC2, HIPAA, ISO27001, and FedRAMP. Communication skills will be absolutely critical to success. The role requires you to be detail oriented and highly organized with a positive attitude under intense pressure. The ability to take ownership of cross-functional projects and complete them on time and on budget will be crucial to fuel your personal and Sumo Logic's growth.
Responsibilities: Design, develop, and maintain internal controls in response to security and compliance goals: FedRAMP, SOC2, HIPAA, PCI-DSS, ISO27001, etc. Perform security reviews and identify security gaps in architecture resulting in recommendations for inclusion in the risk mitigation strategy Support tooling and automation that facilitate security and compliance related activities and lead to reducing the disruption of audit events Lead planning, coordination and execution of 3rd party-risk assessments and audits Develop and maintain internal and external-facing security and compliance documentation Work with product and engineering teams to maintain compliance baseline in Sumo Logic products Work with internal teams to formulate processes in line with compliance and security controls, hold them accountable for following them, and manage throughout Risk Treatment and Remediation plans Provide direction to management team on compliance goals and statuses Drive periodic reviews, updates, and maintenance of compliance items Interface with external auditors and be the primary point of contact for audits Participate in maintenance of standard security and compliance collateral for marketing and sales activities Requirements:
The role needs to be located primarily in the US supports the analysis, classification, and response to cybersecurity risks within the organization Support sales team with customer meetings regarding questions on Information Security and Privacy Must have strong skills in the following areas: Communication, Security and Privacy and the Compliance of security controls. Ability to work and communicate across various teams and at various levels of the business is essential to this role. Knowledge of compliance frameworks such as PCI DSS, ISO 27001, SOC 2, IRAP and NIST 800-53 / FedRAMP. Desirable:
B.S. in Computer Science / Computer Security or related discipline Cybersecurity Licenses and/or Certifications (e.g. Certified in Risk and Information Systems Control™ (CRISC, Certified Information Security Manager® (CISM), Certified Information Systems Security Professional (CISSP), or equivalent). Experience working with Sales Teams Experience in public cloud environments Incident response experience or training Assist with managing penetration testing, code reviews, internal scanning and remediation of findings Performs internal audit of key controls and communicate results to the executive team
About Us
Sumo Logic, Inc. empowers the people who power modern, digital business. Sumo Logic enables customers to deliver reliable and secure cloud-native applications through its Sumo Logic SaaS Analytics Log Platform, which helps practitioners and developers ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures. Customers worldwide rely on Sumo Logic to get powerful real-time analytics and insights across observability and security solutions for their cloud-native applications. For more information, visit www.sumologic.com.
Sumo Logic Privacy Policy. Employees will be responsible for complying with applicable federal privacy laws and regulations, as well as organizational policies related to data protection.
The expected annual base salary range for this position is $127,000 - $172,000. Compensation varies based on a variety of factors which include (but aren't limited to) role level, skills and competencies, qualifications, knowledge, location, and experience. In addition to base pay, certain roles are eligible to participate in our bonus or commission plans, as well as our benefits offerings, and equity awards.
#LI-Remote
You will get the opportunity to be on the cutting edge of Cloud Security and Compliance. Sumo Logic is looking for a Senior Security and Compliance Analyst who will be responsible for supporting existing compliance initiatives and continued audits for a fast growing, highly technical Cloud Based SaaS Company. This role is critical to Sumo Logic and will collaborate with our DevSecOps Automation and Security Operations Team as well as all lines of business at Sumo Logic to build relationships and trust across the organization. This role is also critical in representing the Sumo Logic Security Compliance vision to our rapidly expanding global enterprise customer base in the new frontier of cloud computing.
The ideal candidate will have supported compliance programs in a SaaS environment. The role requires you to be detail oriented and highly organized. The ability to take ownership of cross-functional projects and complete them on time and on budget will be crucial to fuel your personal and Sumo Logic's growth.
The ideal candidate will have at least 7 years supporting security compliance programs and at least 5 years of experience in a SaaS environment. Additionally, this candidate must have experience with 3 of the following 6 - PCI-DSS, SOC2, HIPAA, ISO27001, and FedRAMP. Communication skills will be absolutely critical to success. The role requires you to be detail oriented and highly organized with a positive attitude under intense pressure. The ability to take ownership of cross-functional projects and complete them on time and on budget will be crucial to fuel your personal and Sumo Logic's growth.
Responsibilities: Design, develop, and maintain internal controls in response to security and compliance goals: FedRAMP, SOC2, HIPAA, PCI-DSS, ISO27001, etc. Perform security reviews and identify security gaps in architecture resulting in recommendations for inclusion in the risk mitigation strategy Support tooling and automation that facilitate security and compliance related activities and lead to reducing the disruption of audit events Lead planning, coordination and execution of 3rd party-risk assessments and audits Develop and maintain internal and external-facing security and compliance documentation Work with product and engineering teams to maintain compliance baseline in Sumo Logic products Work with internal teams to formulate processes in line with compliance and security controls, hold them accountable for following them, and manage throughout Risk Treatment and Remediation plans Provide direction to management team on compliance goals and statuses Drive periodic reviews, updates, and maintenance of compliance items Interface with external auditors and be the primary point of contact for audits Participate in maintenance of standard security and compliance collateral for marketing and sales activities Requirements:
The role needs to be located primarily in the US supports the analysis, classification, and response to cybersecurity risks within the organization Support sales team with customer meetings regarding questions on Information Security and Privacy Must have strong skills in the following areas: Communication, Security and Privacy and the Compliance of security controls. Ability to work and communicate across various teams and at various levels of the business is essential to this role. Knowledge of compliance frameworks such as PCI DSS, ISO 27001, SOC 2, IRAP and NIST 800-53 / FedRAMP. Desirable:
B.S. in Computer Science / Computer Security or related discipline Cybersecurity Licenses and/or Certifications (e.g. Certified in Risk and Information Systems Control™ (CRISC, Certified Information Security Manager® (CISM), Certified Information Systems Security Professional (CISSP), or equivalent). Experience working with Sales Teams Experience in public cloud environments Incident response experience or training Assist with managing penetration testing, code reviews, internal scanning and remediation of findings Performs internal audit of key controls and communicate results to the executive team
About Us
Sumo Logic, Inc. empowers the people who power modern, digital business. Sumo Logic enables customers to deliver reliable and secure cloud-native applications through its Sumo Logic SaaS Analytics Log Platform, which helps practitioners and developers ensure application reliability, secure and protect against modern security threats, and gain insights into their cloud infrastructures. Customers worldwide rely on Sumo Logic to get powerful real-time analytics and insights across observability and security solutions for their cloud-native applications. For more information, visit www.sumologic.com.
Sumo Logic Privacy Policy. Employees will be responsible for complying with applicable federal privacy laws and regulations, as well as organizational policies related to data protection.
The expected annual base salary range for this position is $127,000 - $172,000. Compensation varies based on a variety of factors which include (but aren't limited to) role level, skills and competencies, qualifications, knowledge, location, and experience. In addition to base pay, certain roles are eligible to participate in our bonus or commission plans, as well as our benefits offerings, and equity awards.
#LI-Remote