Security, Compliance and Privacy Analyst
Redwood City, CA

Job Description

Security, Compliance and Privacy Analyst

Sumo Logic is the global Continuous Intelligence leader in in the Cloud, and the only cloud based, multi tenant log-management platform certified in PCI DSS, ISO 27001, CSA Star and our many other attestations. You will get the opportunity to be on the cutting edge of Cloud Security and Compliance. Sumo Logic is looking for a Security, Compliance and Privacy Analyst who will be responsible for supporting existing compliance initiatives and continued audits for a fast growing, highly technical Cloud Based SaaS Company.

The ideal candidate will have supported compliance programs in a SaaS environment. The role requires you to be detail oriented and highly organized. The ability to take ownership of cross-functional projects and complete them on time and on budget will be crucial to fuel your personal and Sumo Logic's growth.

This role will is critical to Sumo Logic and will collaborate with our DevSecOps Automation and SOC Teams as well as all LOB's at within Sumo Logic to build relationships and trust across the organization. This role is also critical in representing the Sumo Logic Compliance and Privacy vision to our rapidly expanding global enterprise customer base in the new frontier of cloud computing.

The ideal candidate will have at least 5 years supporting audit compliance programs and at least 3 years of experience in a SaaS environment. Additionally, this candidate must have experience with 3 of the following 6 - PCI DSS 3.2, SOC2 Type 2, HIPAA, ISO 27001, CSA STAR and Privacy. Communication skills will be absolutely critical to success. The role requires you to be detail oriented and highly organized with a positive attitude under intense pressure. The ability to take ownership of cross-functional projects and complete them on time and on budget will be crucial to fuel your personal and Sumo Logic's growth.

Responsibilities:

* Work with External Auditors to keep current certification and attestations current.
* New Hire and Ongoing Information Security & Privacy Training
* Help improve the efficiency, scalability, and reliability of our security controls.
* Support Vendor Management Assessments processes
* Assist with new compliance initiatives such as FedRAMP and new Privacy Laws
* Perform regular policy audits and keep policies up-to-date and relevant to changing business and technology needs.
* Work as a member of a team, helping the company respond quickly and effectively to business needs.
* Support Sales in prospect and current customer contract renewals taking calls and answering detailed audit & compliance questions & inquiries.

Requirements:

* The role needs to be located primarily in the US
* Support sales team with customer meetings regarding questions on Information Security and Privacy
* Must have strong skills in the following areas: Communication, Security and Privacy and the Compliance of controls in these areas.
* Ability to work and communicate across various teams and at various levels of the business is essential to this role.
* Knowledge of compliance frameworks such as PCI DSS, ISO 27001, SOC 2, NIST 800-53 / FedRAMP and Privacy Laws.

Desirable:

* B.S. in Computer Science / Computer Security or related discipline
* Experience working with Sales Teams
* Experience in public cloud environments
* Incident response experience or training
* Assist with managing penetration testing, code reviews, internal scanning and remediation of findings
* Help perform internal audit of key controls and communicate results to the executive team